Application scenarios:
Authorization: this is the most common scenario for using JWT.
Information exchange: a JSON Web Token is a good way to transmit information securely between parties.
A JSON Web Token consists of three parts separated by dots (.), which are:
Header
Payload
Signature
A JWT therefore usually looks like this:
Header.Payload.Signature
Header:
It usually consists of two parts: the token type (JWT) and the signing algorithm used (such as HMAC SHA256 or RSA).
{ "alg": "HS256", "typ": "JWT" }
This JSON is Base64Url-encoded to form the first part of the JWT.
Payload:
The payload contains the claims. A claim is a statement about an entity (usually the user) plus additional data. Claims fall into three categories: registered claims, public claims and private claims.
{ "sub": "1234567890", "name": "anonymous", "admin": true }
The payload is Base64Url-encoded to form the second part of the JSON Web Token.
Signature:
If the HMAC SHA256 algorithm is used, the signature is created as follows:
HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)
Parameter description:
HMACSHA256: SHA256 is used because the header contains alg: HS256. If the header said alg: HS128, it would be HMACSHA128.
Base64UrlEncode: standard Base64 uses the three characters "+", "/" and "=", which have special meanings in a URL. Base64URL therefore removes the "=" padding, replaces "+" with "-" and replaces "/" with "_". This is the Base64URL algorithm.
Secret: the key held by the server.
Signature: finally, the HMACSHA256 output is Base64URL-encoded; this is the required signature.
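The three steps above (Base64URL-encode the header and payload, HMAC-SHA256 the dotted signing input with the server's secret, Base64URL-encode the tag) carried through in working code. This is an added example, not code from the original page; the secret and payload values are constructed for the demonstration, and the verify_jwt function additionally pins the algorithm to HS256 and uses a constant-time comparison, which are standard verifier practice rather than something the page describes.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional


def base64url_encode(data: bytes) -> str:
    # urlsafe_b64encode already swaps "+" -> "-" and "/" -> "_";
    # Base64URL additionally drops the "=" padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def base64url_decode(text: str) -> bytes:
    # Restore the padding that Base64URL removed before decoding.
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def create_jwt(payload: dict, secret: bytes) -> str:
    """Build an HS256 JWT: header.payload.signature, each part Base64URL."""
    header = {"alg": "HS256", "typ": "JWT"}
    # separators=(",", ":") produces compact JSON without whitespace.
    header_b64 = base64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = base64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    # HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)
    tag = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{base64url_encode(tag)}"


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload dict if the signature is valid, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(base64url_decode(header_b64))
    except (ValueError, UnicodeDecodeError):
        return None
    # The verifier decides the algorithm; it does not trust the token's "alg"
    # field to pick one (added check, not from the page).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    try:
        actual = base64url_decode(signature_b64)
    except ValueError:
        return None
    # Constant-time comparison so timing does not reveal matching prefixes.
    if not hmac.compare_digest(expected, actual):
        return None
    try:
        return json.loads(base64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    # Constructed demo secret and the page's example payload.
    demo_secret = b"constructed-demo-secret"
    token = create_jwt({"sub": "1234567890", "name": "anonymous", "admin": True}, demo_secret)
    print(token)
    print(verify_jwt(token, demo_secret))
```

Decoding the first segment of any HS256 token produced this way gives back {"alg":"HS256","typ":"JWT"}, so the header segment is the same for every such token; only the payload and the signature change.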
The output is three Base64URL strings separated by dots, which can be passed easily in HTML and HTTP environments and is more compact than XML-based standards such as SAML.