Notice: This page requires JavaScript to function properly.
Please enable JavaScript in your browser settings or update your browser.
What is JWT? | Authentication with JWT
Professional Web API with Flask
course content

Course Content

Professional Web API with Flask

Professional Web API with Flask

1. Introduction to the Course
2. Database and Models
3. Flask-Smorest and Schemas
4. Endpoints with Blueprints and MethodView
5. Authentication with JWT
6. Deployment

book
What is JWT?

Imagine a digital passport that grants you access to various online services and applications, a key that unlocks multiple doors without the need for a cumbersome keychain. This is the essence of a JWT, or JSON Web Token. It's a sleek, compact token that efficiently facilitates the secure exchange of information between parties in the cyber world.

This compact, URL-safe string is divided into three parts, separated by dots (.), which are:

Header

The first part is the Header, which is typically composed of two parts: the type of token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.

Payload

The second part is the Payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional metadata. There are three types of claims: registered, public, and private claims.

Signature

The third part is the Signature. To create the signature part, you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that. The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.


The output is three Base64-URL strings separated by dots that can be easily passed in HTML and HTTP environments. When the JWT is used, the receiver of the JWT will decode the header and payload, verify the signature with the header algorithm and secret/key, and use the claims in the payload as required.

Remember, the payload is encoded but not encrypted, meaning it can be decoded and read by anyone. Do not put secret information in the payload unless it is encrypted.

In JWT, how is the signature part generated?

In JWT, how is the signature part generated?

Select the correct answer

Everything was clear?

How can we improve it?

Thanks for your feedback!

Section 5. Chapter 1
We're sorry to hear that something went wrong. What happened?
some-alt