JWT is a form of toke. The JWT value is header.{header}.header.{payload}.${signature}

header

Indicate which algorithm is used to create the signature

This JSON object contains two attributes: ALG and TYP. Alg is the signature algorithm type and is used to generate the signature part of JWT. The default value is HS256, while TYp is the current token type

{
  "alg": "HS256"."typ": "JWT"
}
Copy the code

paylod

JSON of the actual message

Payload contains seven officially defined attributes

Iss: issuer sub: subject aud: audience exp: expiration time NBF: effective time IAT: issue time Jti: numberCopy the code

signature

Use the header indicated by the algorithm produced by the garbled code

Signature Encrypts the string combined with the header and payload using the signature algorithm defined by the ALG attribute in the header. The encrypted string is signature

Provide a website for making JWT

Production of JWT

Let’s demonstrate this in Ruby

1. Install the gem package and bundle

cd testdemo
gem install jwt
vim Gemfile # add gem 'jwt'
bundle
Copy the code

2. Rails C practice

#No signature algorithm type is set2.7.2:005 > payload = {data: 'test'} => {:data=>"test"} 2.7.2:006 > token = jwt. encode payload, nil, 'none' = > "eyJhbGciOiJub25lIn0. EyJkYXRhIjoidGVzdCJ9." 2.7.2:007 > puts token eyJhbGciOiJub25lIn0. EyJkYXRhIjoidGVzdCJ9. Decoded_token = jwt. decode token, nil, false => [{"data"=>"test"}, {" alg "= >" none "}] 2.7.2:009 > puts decoded_token {" data "= >" test "} {" alg "= >" none "} = > nilCopy the code
#Set the signature algorithm type to HS256 (HMAC using SHA-256)hashAlgorithm)
#HS256 uses the same secret_key for signature and authentication (symmetric encryption). Once the secret_key is leaked, nothing# Security.
#Therefore, HS256 is only suitable for centralized authentication, where both signature and authentication must be performed by trusted parties.Hmac_secret = "my secret text" => "my secret text" 2.7.2:012 > token = jwt. encode payload, hmac_secret, 'HS256' = > "eyJhbGciOiJIUzI1NiJ9. EyJkYXRhIjoidGVzdCJ9. X-ray zKCN2I6HEvCUKysF3wNKzQ8MvpYhilh0GyA264dtQ" 2.7.2:013 > puts Token eyJhbGciOiJIUzI1NiJ9. EyJkYXRhIjoidGVzdCJ9. X-ray zKCN2I6HEvCUKysF3wNKzQ8MvpYhilh0GyA264dtQ = > nil 2.7.2:014 > decoded_token = JWT.decode token, hmac_secret, true, { algorithm: 'HS256' } => [{"data"=>"test"}, {" alg "= >" HS256}] 2.7.2:015 > puts decoded_token {" data "= >" test "} {" alg "= >" HS256} "= > nil 2.7.2:016 > token = JWT.encode payload, nil, 'HS256' = > "eyJhbGciOiJIUzI1NiJ9. EyJkYXRhIjoidGVzdCJ9. PVzcY2dX8JNM3LzIYeP2B1e1Wcpt1K3TWVvIYSF4x -o" 2.7.2:017 > puts Token eyJhbGciOiJIUzI1NiJ9. EyJkYXRhIjoidGVzdCJ9. PVzcY2dX8JNM3LzIYeP2B1e1Wcpt1K3TWVvIYSF4x - o = > nil 2.7.2:018 > decoded_token = JWT.decode token, nil, true, { algorithm: 'HS256' } Traceback (most recent call last): 1: From (IRB):18 JWT::DecodeError (No verification key available) 2.7.2:019 > puts decoded_token {"data"=>"test"} {"alg"=>"HS256"} => nilCopy the code
#RS256 uses the RSA private key for signature and the RSA public key for authentication. If the public key is leaked, it does not matter, as long as the private key is secured# will do.
#RS256 can delegate validation to other applications simply by giving them the public key.2.7.2:021 > rsa_private = OpenSSL: : PKey: : RSA. The generate 2048 = > # < OpenSSL: : PKey: : RSA: 0 x00007f848afd3570 > 2.7.2:022 > Rsa_public = rsa_private. Public_key = > # < OpenSSL: : PKey: : RSA: 0 x00007f848aee8fe8 > 2.7.2:023 > token = JWT. Encode content,  rsa_private, 'RS256' => "eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.J3o8GKKn_0vt_SJl3WINHXgd_u88H... 2.7.2:024 > puts Token eyJhbGciOiJSUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.J3o8GKKn_0vt_SJl3WINHXgd_u88Hqiar8J5yRTSk_BiiaMduRV1xnkHcBd8A62O08eNQH7gPyPPw2 H2RqOUMPg9mVYfTHdyXWKKYipNQ2VVU7lzrXYIwOCHuZhSfzfZHbrMEn7Jc-Tc4Lq0t4FqqUeppIQ-o6yy41DSX_xpGBZ78MqpymkPhtGo871EUU08CXkSPI R8UZHu6YR8WFO-ZlrywgZjeFp6gfGdyb0lev3bV65D2pJsbHOYHToTcHLIum-2EYlu9VVfOuBTn_KncYdPcHVmgPPDTCBL2r487uVW_neUZDoHVGnbhekho5 7hn7av-sbc18jp7aqebiQQow => nil 2.7.2:025 > decoded_token = jwt. decode token, rSA_public, true, {algorithm: 'RS2 56' } => [{"data"=>"test"}, {" alg "= >" RS256}] 2.7.2:026 > puts decoded_token {" data "= >" test "} {" alg "= >" RS256 "} = > nilCopy the code
#ES256 and RS256 use private key signature and public key authentication. There is not much difference in algorithm speed, but its signature length is relatively short# more (save traffic), and the algorithm strength is similar to RS256.2.7.2:027 > ecdsa_key = OpenSSL: : PKey: : EC. The new 'prime256v1' = > # < OpenSSL: : PKey: : EC: 0 x00007f848a297ac8 > 2.7.2:028 > Ecdsa_key. Generate_key = > # < OpenSSL: : PKey: : EC: 0 x00007f848a297ac8 > 2.7.2:029 > ecdsa_public = OpenSSL: : PKey: : EC. New Ecdsa_key = > # < OpenSSL: : PKey: : EC: 0 x00007f8489f75340 > 2.7.2:030 > ecdsa_public. Private_key = nil = > nil 2.7.2:031 > token = JWT.encode payload, ecdsa_key, 'ES256' => "eyJhbGciOiJFUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.SCYVfzGZ1VtSHuiJhIdEhsEjE_GzU... 2.7.2:032 > puts Token eyJhbGciOiJFUzI1NiJ9.eyJkYXRhIjoidGVzdCJ9.SCYVfzGZ1VtSHuiJhIdEhsEjE_GzUKqDvWMa7By7jc4gtDDvVJss7_s1SCAeBcar2QKNoKy6pN9fSb CYCtFEzw => nil 2.7.2:033 > decoded_token = jwt. decode token, ecdsa_public, true, {algorithm: 'E S256' } => [{"data"=>"test"}, {" alg "= >" ES256}] 2.7.2:034 > puts decoded_token {" data "= >" test "} {" alg "= >" ES256 "} = > nilCopy the code

The above three algorithms are commonly used in JWT, with an example I read in Jane’s book!

JWT builds the Rails API to authorize login