What is JWT (JSON Web Token)?
JSON Web Token (JWT) is a JSON-based open standard for passing claims between parties in a web application environment. The tokens are designed to be compact, URL-safe and usable especially in the web browser single sign-on (SSO) context. JWT claims are typically used to pass the identity of an authenticated user between an identity provider and a service provider. The tokens can also be authenticated (signed) and encrypted.
A JWT for Enchant single sign-on has three parts separated by a `.`; each part is created differently. The three parts are:
1. Header : The header carries two parts: the type, which is JWT, and the hashing algorithm to use (HMAC SHA256 in this case).
2. Payload : The payload carries the bulk of the JWT, also called the JWT Claims. This is where we put the information that we want to transmit, plus other information about the token. The registered claims are as follows:
iss: The issuer of the token
sub: The subject of the token
aud: The audience of the token
exp: The expiration time of the token, as a NumericDate value
nbf: The time before which the JWT MUST NOT be accepted for processing
iat: The time the JWT was issued. Can be used to determine the age of the JWT
jti: A unique identifier for the JWT. Can be used to prevent the JWT from being replayed
Alongside the registered claims, the payload can carry custom claims, for example: "name": "Abc Xyz"
3. Signature : The third part of the JSON Web Token is the signature. It is an HMAC SHA256 hash computed over the encoded header and payload, keyed with the secret.
var encodedString = base64UrlEncode(header) + "." + base64UrlEncode(payload);
var signature = HMACSHA256(encodedString, secret);
The secret is the signing key held by the server; it is used both to create the signature and to verify it.