Week 17 - Session 2 - User Authentication - JSON Web Tokens

blog image source
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with HMAC algorithm) or a public/private key pair using RSA.

JSON Web Token (JWT) Process:
  1. Encrypted string issued by the web server
  2. Stored by the client, typically in local storage
  3. Web server signs token using a SECRET KEY
  4. When the token is sent back to the server, can verify it using the secret key
  5. If the token is tampered with, verification will fail
A JWT consist of three parts:
  • Header; consists of two parts: the type of the token, which is JWT, and the hashing algorithm.
  • Payload; which contains the claims which are an entity (typically, the user) and additional metadata.
  • Signature; takes the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
JWT - https://jwt.io/
5 Easy Steps to Understanding JSON Web Tokens (JWT) - https://medium.com/vandium-software/5-easy-steps-to-understanding-json-web-tokens-jwt-1164c0adfcec

Popular posts from this blog

Week 9 to 12 - Learning with MCR Codes

Image
My experience with  @MCRcodes   as a Quality Assurance Tester.  This is an evening part-time coding boot camp based in central Manchester which runs for 24 weeks, from February 2018 to July 2018. Week 9 (April 2018) - After spending two decades using the internet, I finally have an understanding how it works now, and the communication between the server and the client. Nice to create and run a simple server using Express and I now know what API actually means now, I think. Really appreciate how amazing and powerful the npm  package manager really  is, and looking forward to installing other future packages.  We have now started our back-end programming journey. Session 1 -  The Internet, the Web, HTTP Session 2 -  Web APIs & Express Week 10 - Really enjoying creating and reading test units for server assignments. Additionally, learning s ynchronous/a synchronous programming has been a tease.   Unfortunately, I was unable to attempt few classes due to unplanned c
Read more

Week 8 - Session 1 - JavaScript in the Browser

Image
blog image source HTML document as a nested set of boxes. Tags such as <body> and </body> enclose other tags, which in turn contain other tags or text. There is an object, which we can interact with to find out things such as what HTML tag it represents and which boxes and text it contains. This representation is called the Document Object Model, or DOM for short. The global binding document gives us access to these objects. Its documentElement property refers to the object representing the <html> tag. Since every HTML document has a head and a body, it also has head and body properties, pointing at those elements. When a web page is loaded, the browser creates a Document Object Model of the page, which is an object oriented representation of an HTML document, that acts as an interface between JavaScript and the document itself and allows the creation of dynamic web pages: JavaScript can add, change, and remove all of the HTML elements and attributes in the page
Read more

Week 9 - Session 1 - The Internet, the Web, HTTP

Image
blog image source The internet, a worldwide network of computer networks, a llows transfer of information between networks, and the information is transferred using the internet protocol suite (IP/TCP). One of the most commonly used services on the internet is the world wide web (www). A primary mode of transferring data (resources) over the internet for billions. The application protocol that makes the web work is hypertext transfer protocol. blog image source As web developers, we are mainly interested in HTTP,  a protocol that web browsers and web servers use to communicate with each other over the Internet.  The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers. HTTP works as a request-response protocol between a client and server. A web browser may be the client, and an application on a computer that hosts a website may be the server. How does the Internet work? -  https://developer.mozilla.org/en-US/docs/Learn/Common_
Read more