
RESTful API with Authentication (Part 2)

2017-08-19

Compared with HTTP Basic Authentication and Access Tokens, API Key + Security Key + Sign is the most frequently used way of building a RESTful API with authentication. One example of such a (similar) protocol is JWT, https://jwt.io/. The workflow, taken from its own website, is:

https://cdn.auth0.com/content/jwt/jwt-diagram.png

A JWT is just a string consisting of three parts: a header, a payload and a signature.

  • Header
    Describes the basic information about the JWT, such as the algorithm used for the signature.

The above example shows that this JWT is using HS256.

  • Payload

iss: Issuer claim, who issued the JWT
iat: Issued-at claim, the time the JWT was issued
exp: Expiration claim, the date and time after which the JWT is no longer valid
aud: Audience claim, which recipients this JWT is intended for
sub: Subject claim,

  • Signature

JWT base64-encodes the header and the payload, joins them together, and encrypts the result with a secret provided by the user, in the following format:


Some JWT tools:

https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32

Related Post: RESTful API with Authentication (Part 1)

arkilis
