khwilo / django-dev-labs

Experimentation on Django features
MIT License

Set up JWT Authentication #4

Closed khwilo closed 4 months ago

khwilo commented 4 months ago

Description

A JSON Web Token (JWT) is a compact, URL-safe token used for authentication, authorization and information exchange between parties. A JWT consists of three base64url-encoded parts, a header (x), a payload (y) and a signature (z), separated by dots:

xxxx.yyyy.zzzz

Header

The header consists of two parts: the type of token and the signing algorithm. The algorithm is what lets the receiver check that the token is authentic and has not been altered, so the verifier must insist on the algorithm it expects rather than trusting whatever the header says.

{
   "alg":"RS256",
   "typ":"JWT"
}

Payload

The payload contains the claims, which are statements about an entity (typically the user) and any extra data. The payload is only encoded, not encrypted, so nothing secret belongs in it.

{
   "id": "26a6e2e0-8e57-48a6-afe8-715200d9f90a",
   "name": "Kyla Imali",
   "admin": true
}

Signature

The signature is computed over the encoded header and the encoded payload joined by a dot, using the algorithm named in the header. With an HMAC algorithm the key is a shared secret; with RS256 the issuer signs with an RSA private key and the receiver verifies with the matching public key. This is what it looks like using RS256:

RS256(base64UrlEncode(header) + "." + base64UrlEncode(payload), privateKey)
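The following is an added example (not code from this issue or from the django-dev-labs project) showing the three-part structure above end to end: building the token, then verifying it. It uses HS256 with a shared secret, because the Python standard library has no RSA implementation; with RS256 the two `hmac.new(...)` calls would become an RSA sign with the private key and an RSA verify with the public key (for example via PyJWT), and everything else stays the same. The secret and the claims are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key for this example only. With RS256 this would be an RSA
# private key on the signing side and the matching public key on the
# verifying side.
SECRET = b"example-secret-do-not-use-in-production"


def b64url_encode(data: bytes) -> str:
    """base64url without '=' padding, as JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding that b64url_encode stripped, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(claims: dict, key: bytes) -> str:
    """Build header.payload.signature for an HS256 token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    # The signature covers exactly the bytes between the first and last dot.
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def decode_jwt(token: str, key: bytes, now=None) -> dict:
    """Verify the token and return its claims, or raise ValueError.

    The verifier pins the algorithm it expects instead of honouring the
    token's own header, which is what defeats alg=none and key-confusion
    attacks. The signature is compared in constant time.
    """
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
    except ValueError:
        raise ValueError("token must have exactly three parts")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def is_valid(token: str, key: bytes, now=None) -> bool:
    """Boolean wrapper around decode_jwt for callers that only need yes/no."""
    try:
        decode_jwt(token, key, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed claims mirroring the payload shown above, plus an expiry.
    token = encode_jwt(
        {"id": "26a6e2e0-8e57-48a6-afe8-715200d9f90a", "name": "Kyla Imali",
         "admin": True, "exp": int(time.time()) + 300},
        SECRET,
    )
    print(token)
    print(decode_jwt(token, SECRET))
```

Note what the verifier does not do: it never reads `alg` to choose a verification routine, and it never accepts a token with an empty signature. Both shortcuts are common in hand-rolled JWT code and both let a client forge admin claims.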

Each time a user logs in, a JWT is created and returned to the client, which then presents it on subsequent requests. Two types of tokens will be of use here:

Acceptance Criteria