How do JSON web markers work? Not sure what is different from cookies

Question

How do JSON web markers work? Not sure what is different from cookies

When using cookies, they are stored on the server and compared with those that come in the request from the client. What is JWT versus? are they decoded into their components?

+3

security cookies login token jwt

ilyo May 07 '15 at 9:02 am

source to share

1 answer

frasertweedale · Accepted Answer · 2015-05-08T06:45:35+0000

JSON Web Signature (JWS) JWT is "versus" nothing; rather, it is verified using a cryptographic key. Various algorithms are supported . The JWT validating system must have access to the appropriate key to validate a specific JWT.

For symmetric algorithms ( HS{256,384,512}

), the JWS object containing the token is validated using the HMAC construct with a SHA-2 cryptographic diver, with a shared secret key, i.e. the same key used to create the token must be used to validate it.

For asymmetric algorithms ( {RS,ES,PS}{256,384,512}

), the JWS object containing the token is verified using the RSASSA-PKCSv1.5 ( RS

), ECDSA ( ES

), or RSASSA-PSS ( PS

) algorithms with SHA-2, using the public key corresponding to the private key used to sign the JWS.

The JWS validation process (JWT is always serialized using JWS compact serialization) is defined in the JWS Internet-Draft . In short, the token is split into three parts: header (base64 encoded JSON object), payload (base64 encoded octet string, for JWT, JSON JWT claims object), and signature (base64 encoded octet string). The header specifies the algorithm to use, and that algorithm is used to verify the signature that is computed through ASCII(BASE64URL(UTF8(Header)) || '.' || BASE64URL(Payload))

(this signature entry is an exactly serialized JWT up to but not including the second period.)

How do JSON web markers work? Not sure what is different from cookies

More articles: