JSON Web Tokens

DamirSvrtan
September 14, 2016

A presentation about JSON Web Tokens and all the pros and cons of using them. Also a note on integrating it with Rails.


Transcript

  1. GENERATE A RANDOM AUTH TOKEN

    class User
      # Runs once, when the record is first created; before_save would
      # rotate the token on every update and invalidate existing sessions.
      before_create :generate_auth_token

      def generate_auth_token
        # Devise.friendly_token returns a random URL-safe string; keep
        # drawing until the value is not already taken by another user.
        loop do
          self.auth_token = Devise.friendly_token
          break if User.find_by_auth_token(auth_token).nil?
        end
      end
    end
  2. Passwords
    • when compromised are difficult to change
    • reveal information about the people who created them
    • people reuse them across several services
  3. Authentication Tokens
    • auto-generated, random, unique (not shared across multiple services)
    • when compromised can be renewed easily with little user inconvenience
  4. BROWSER → SERVER: EMAIL=DAMIR@EXAMPLE.COM&PASSWORD=PASS123
     SERVER → BROWSER: ACCESS_TOKEN=RAND0M$TR1N6
     MOBILE → SERVER: EMAIL=DAMIR@EXAMPLE.COM&PASSWORD=PASS123
     SERVER → MOBILE: ACCESS_TOKEN=ANOTHER-RAND0M$TR1N6
  5. JSON Web Tokens are an open, industry standard method for representing claims securely between two parties.
  6. BODY CLAIMS
    iss: the issuer of the token
    sub: the subject of the token
    aud: the audience of the token
    exp: the expiration time, as a NumericDate value
    nbf: the time before which the JWT MUST NOT be accepted for processing
    iat: the time the JWT was issued; can be used to determine the age of the JWT
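As an added example that is not part of the deck, a minimal HS256 issuer and verifier in plain Ruby that checks the iss, aud, exp and nbf claims listed above in the order a verifier should (signature first, then parties, then time); the secret, issuer and audience strings are constructed for the demo.

```ruby
require "openssl"
require "json"
require "base64"

# Added example, not from the deck: a minimal HS256 JWT issuer and
# verifier enforcing the registered body claims from the slide.
# SECRET is a constructed demo value.
SECRET = "constructed-demo-secret-do-not-reuse".freeze

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Constant-time comparison so the signature check does not leak
# how many leading bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Builds header.payload.signature; `claims` holds iss/sub/aud/exp/nbf/iat.
def jwt_encode(claims, secret = SECRET)
  header  = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url(JSON.generate(claims))
  sig     = OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url(sig)}"
end

# Verifies the signature first, then the party and time claims.
# Returns the claims Hash, or raises with the name of the failed check.
def jwt_decode(token, secret = SECRET, issuer:, audience:, now: Time.now.to_i)
  parts = token.split(".")
  raise "malformed" unless parts.size == 3
  header, payload, sig = parts
  # Pin the algorithm: the token's own header must never choose it.
  raise "alg" unless JSON.parse(Base64.urlsafe_decode64(header))["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{header}.#{payload}")
  raise "signature" unless secure_compare(expected, Base64.urlsafe_decode64(sig))
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  raise "iss" unless claims["iss"] == issuer
  raise "aud" unless claims["aud"] == audience
  raise "exp" if claims["exp"] && now >= claims["exp"]
  raise "nbf" if claims["nbf"] && now < claims["nbf"]
  claims
end
```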