Why use JSON Web Token (2021) | CodeUsingJava
Why use JSON Web Token (JWT)

One of the biggest challenges today is the security of data. Whenever an application is built, care is taken that all of its mappings are fully secured.
JWT, or JSON Web Token, is a safe method by which information can be securely exchanged between two parties. In other words, it is like an encrypted container that is used for the purpose of authorising a user.
To access an enterprise application, the user needs to create an account and sign in; this is how the process of authenticating a user works.
When a person logs in to the website, a session id is created and stored. After a specified time, the session id expires; until then the user can access the mapping. On each request, the session id sent by the client is compared with the session stored on the server.
Why did the need for JWT arise?
The benefit provided by JWT over the traditional approach is that there is no need to store any session data on either the client or the server side. JWT follows the method of stateless authentication, so with this approach the additional load on the server can be reduced.
To understand more clearly, let us take an example:-

Working of JWT

The working flow of JWT can be understood from the following example:
Every employee needs a verified token to access the secret room. So the employee first authenticates himself to the organisation and gets a token. This token is checked just before entering the secret room; once it is verified, the employee can access the secret room.
(Figure: basics of JWT)
The same idea can be understood in terms of web security as follows:
When the user signs in for the first time, the user receives a token. This token is a JSON Web Token and contains all the information of the user in an encrypted format. The user can use this token until it expires.
(Figure: workflow of JWT)

Structure of JWT
The structure of JWT can be explained by the following diagram:
The three differently coloured lines indicate the three parts of the JSON Web Token, i.e. Header, Payload and Signature.
They are represented as Header.Payload.Signature
(Figure: structure of JWT)

The Header, also known as the JOSE (JSON Object Signing and Encryption) Header, consists of the details regarding the type of token and the algorithm used for the purpose of security.
Before the encoding process, the Header is a JSON object.
    {
        "alg": "HS256",
        "typ": "JWT"
    }

The Payload, also known as the JWS (JSON Web Signature) Payload, consists of the details regarding the user credentials and role, and the claims, which are represented as iss, sub, aud, etc.
It is not recommended to pass any sensitive content in the payload. Before the encoding process, the Payload is also a JSON object.
    {
        "sub": "1234567890",
        "name": "John Doe",
        "iat": 1516239022
    }

The Signature, also known as the JWS (JSON Web Signature) Signature, is used to validate whether the token is reliable. It is the hash of the encoded header and payload, computed with the algorithm defined in the Header (HS256 above, i.e. HMAC-SHA256 keyed with a secret).
    HMACSHA256(
        base64UrlEncode(header) + "." +
        base64UrlEncode(payload),
        your-256-bit-secret
    )

The three parts of a JWT are separated by dots, and the header and the payload can be decoded with a base64Url decoder.
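The signing formula and the decoding step above, carried out end to end as an added example (not code from the original article): it builds Header.Payload.Signature with HMAC-SHA256 from the sample header and payload, verifies a token with a constant-time compare, and shows that the payload can be read without the secret, which is why the article advises against putting sensitive content in it. The secret is the page's placeholder, not a real key.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed sample values: the header and payload are the ones shown above;
# the secret is a placeholder, not a real key.
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "1234567890", "name": "John Doe", "iat": 1516239022}
SECRET = b"your-256-bit-secret"


def b64url_encode(data: bytes) -> str:
    # base64Url: URL-safe alphabet with the '=' padding removed.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that base64Url strips before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Build Header.Payload.Signature with HMAC-SHA256, as in the formula above."""
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = b64url_encode(compact(header)) + "." + b64url_encode(compact(payload))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload if the signature checks out under the secret, else None."""
    try:
        enc_header, enc_payload, enc_sig = token.split(".")
        header = json.loads(b64url_decode(enc_header))
        if header.get("alg") != "HS256":  # accept only the algorithm we issued
            return None
        signing_input = f"{enc_header}.{enc_payload}".encode("ascii")
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(enc_sig)):
            return None
        return json.loads(b64url_decode(enc_payload))
    except ValueError:  # wrong number of parts, bad base64 or bad JSON
        return None


def decode_payload_unverified(token: str) -> dict:
    """The payload is only base64Url-encoded, so anyone holding the token can read it."""
    return json.loads(b64url_decode(token.split(".")[1]))
```

Because the payload is readable by anyone who holds the token, only the signature check, never the decoded claims alone, should decide whether a request is trusted.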