JWT (JSON Web Token)

Introduction to JSON Web Tokens

JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSA or ECDSA.

When should you use JSON Web Tokens?

Here are some scenarios where JSON Web Tokens are useful:

Authorization: This is the most common scenario for using JWT. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains.

Information Exchange: JSON Web Tokens are a good way of securely transmitting information between parties. Because JWTs can be signed—for example, using public/private key pairs—you can be sure the senders are who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn't been tampered with.

What is the Structure of JSON Web Tokens?

In its compact form, JSON Web Tokens consist of three parts separated by dots (.), which are:

Header
Payload
Signature


          Therefore, a JWT typically looks like the following.

header.payload.signature

Let's break down the different parts.

Header:

The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.

Then, this JSON is Base64Url encoded to form the first part of the JWT.

Payload:

The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional data. The payload is then Base64Url encoded to form the second part of the JWT.


        Set JSON Claims for the JWT with the following parameters:


Signature

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

For example if you want to use the RS 256 algorithm, the signature will be created in the following way:



The output is three Base64-URL strings separated by dots that can be easily passed in HTML and HTTP environments. The following shows a JWT that has the previous header and payload encoded, and it is signed with a secret.



Comments

  1. Nathan DuferenceOctober 16, 2020 at 5:04 PM

    Thank you for sharing such useful information. I really enjoyed while reading your article and it is good to know the latest updates. Do post more. And also read about leadingSalesforce Service Cloud Consultant

    ReplyDelete

Post a Comment

Popular posts from this blog

Communicating between Independent LWC in Omniscript

Image
This is a simple example that shows a button that, when clicked, publishes a message. This shows how two separate custom LWCs can communicate with each other inside of an OmniScript. Below is the overall design using the Pub/Sub model. So, lets get started! Step 1: Create a LWC component and use below code to fire events with parameters to pass an omniscript and component to Community Page. Below is the HTML and JS code for reference. SampleLWCComponent.html < template > < lightning-button label = "Send Event" onclick = {handleClick} ></ lightning-button > </ template > SampleLWCComponent.js import { LightningElement } from 'lwc' ; import pubsub from 'vlocity_ins/pubsub' ; export default class SampleLWCComponent extends LightningElement { handleClick ( e ){ let accId = '0015g00000gWY8VAAW' ; pubsub . fire ( "handlePubSubEventChange" , "result" , { "accId" : ac
Read more

Salesforce Best Features available

Image
 Salesforce Code Samples & Best Features available: 1. Get merged body without extra effort. EmailTemplate  emailTemplate = [Select Id FROM EmailTemplate where name =  'Test1' ];   Messaging . SingleEmailMessage  email = Messaging.renderStoredEmailTemplate(emailTemplate.Id, userinfo.getUserId(),AccountObj.Id); system.debug(email.plainTextBody); 2.  Business Hour Calculations example in apex: public   static   Boolean  checkBusinessHour(){          //business hour logic          List < BusinessHours > defaultBusinessHours = [SELECT  Id FROM  BusinessHours  WHERE  Name = 'Default'   AND  IsDefault =  TRUE  AND  IsActive = TRUE   Limit   1 ];                   // Find whether the time is within the default business hours          return  BusinessHours.isWithin(defaultBusinessHours[ 0 ].id, System.now());     } 3. Check boolean expression in apex: public   class  BooleanEx
Read more

Efficient way to write apex code

Image
Set.contains(element) Vs List.contains(element)  Guess What if I tell small things Matter!!!                     If you’re having a cup of tea, pause for a moment because next two minutes will reveal something simple yet less known it the world of Salesforce                     Set && List your favorite go to during the typical development cycle. But going forward you will definitely double check before using them. For Instance, look at this example                     Take two set of collections (Set<Integer> and List<Integer>). Now the crux of the discussion which one will give better performance. Lets get technical Which will give better performance Set or List ?      a.     I f collection is List :  List < Integer > listInteger = new List < Integer > (); for (Integer i = 0; i < 100000; i++) { listInteger.add(i); } Long start = DateTime.now().getTime(); System.debug('get ' + listInteger.contains(100000)); Long finish = DateTime.now
Read more