JWT (JSON Web Token) is an open standard for transmitting data between parties as JSON. The token is digitally signed, so the receiving party can verify that the data is authentic and has not been altered. It can be signed with a public/private key pair (ECDSA or RSA) or with a shared secret using an HMAC algorithm.
Header... Payload... Signature.
Header
Hashing/signing algorithm + type of token (JWT)
{ "alg": "HS256", "typ": "JWT" }
Payload
The second part of the JWT is the payload, which contains the claims. Claims are statements about an entity, such as a user, plus additional metadata about the token itself.
The standard defines the following registered claims:
iss (Issuer)
sub (Subject)
aud (Audience)
exp (Expiration Time)
nbf (Not before)
iat (Issued at)
jti (JWT id)
Signature.
To create the signature part, take the encoded header and the encoded payload, and sign them with the secret (or private key) using the algorithm specified in the header. The signature is used to verify that the message was not changed in transit.