Let's talk about JWT
- Wicklow Hall 1
- 15:05 on 14 July 2022
- 30 minutes
JSON Web Tokens, or JWTs for short, are all over the web. They can be used to track bits of information about a user in a very compact way and can be used in APIs for authorization purposes. Join me and learn what JWTs are, what problems it solves, how you can use JWTs, and how to be safer when using JWTs on your applications.
JSON Web tokens dominated the way we give access to APIs and how we carry data from users, but to use JWTs safely we need to understand how they came to life and how JWTs can be useful. In this talk we will take a closer look at the famous three-part structure that forms a JSON Web Token, and the claims each JWT can carry. But knowing it’s history and structure is not enough, we need also to understand the algorithms used in creating a token and how you can use JWTs as access tokens or as ID tokens. After understanding JWTs on a deeper level, we will create and validate a JWT together using the PyJWT library and discuss things you should avoid doing to be safer when using JWTs in your projects.
- How did JWT come to life? Talk about the JOSE specification;
- What actually is a JSON Web Token and its structure: header, payload, and signature;
- What is a claim and its standardization efforts;
- The different types of algorithms that can be used to create JWTs and what is JWKs;
- Let's create a token together using PyJWT;
- What is an access token and an ID token;
- Things to avoid to be safer with JWTs