In this lesson we will look at all of the pieces that combine to create a JWT (jawt), or JSON Web Token. You will use Node to create a JWT, and then verify it in the JWT debugger.

What is the JSON Web Token structure?

JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Therefore, a JWT typically looks like the following.

xxxxx.yyyyy.zzzzz

Let's break down the different parts.

Create a header:

The header typically consists of two parts: the type of the token, which is JWT, and the hashing algorithm being used, such as HMAC SHA256 or RSA.

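let header = {
  typ: 'JWT',
  alg: 'HS256'
};
// Buffer.from replaces the deprecated new Buffer(); JWT segments are base64url, not plain base64
header = Buffer.from(JSON.stringify(header)).toString('base64url');
console.log(header);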

Create a payload:

The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional metadata. There are three types of claims: reserved, public, and private claims.

let payload = {
  iat: Math.floor(Date.now() / 1000), // iat is a NumericDate: seconds since the epoch, not milliseconds
  iss: 'nodebotanist',
  username: 'nodebotanist'
};
payload = Buffer.from(JSON.stringify(payload)).toString('base64url');
console.log("payload", payload);

Create a signature:

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way:

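HMACSHA256(
  base64UrlEncode(header) + "." +
  base64UrlEncode(payload),
  secret)

In Node, with the built-in crypto module:

const crypto = require('crypto');

// header and payload are the base64url strings created above
let key = header + '.' + payload;
let signature = crypto.createHmac('sha256', 'zhentian'); // 'zhentian' is the demo secret
signature.update(key);
key = signature.digest('base64url'); // the signature segment is base64url as well
let token = header + '.' + payload + '.' + key;
console.log("token", token);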

----------------

const crypto = require('crypto');

let header = {
  typ: 'JWT',
  alg: 'HS256'
};
header = Buffer.from(JSON.stringify(header)).toString('base64url');
console.log(header);

let payload = {
  iat: Math.floor(Date.now() / 1000),
  iss: 'nodebotanist',
  username: 'nodebotanist'
};
payload = Buffer.from(JSON.stringify(payload)).toString('base64url');
console.log("payload", payload);

let key = header + '.' + payload;
let signature = crypto.createHmac('sha256', 'zhentian');
signature.update(key);
key = signature.digest('base64url');
let token = header + '.' + payload + '.' + key;
console.log("token", token);

Debugger
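
What the debugger's signature check amounts to, written out as an added example (not code from the original lesson): the verifier recomputes the HMAC over the received header and payload, compares it in constant time, and pins the algorithm instead of trusting the token's header. The function names, the secret and the sample tokens are constructed for the illustration; it assumes a Node version that supports the 'base64url' Buffer encoding.

```javascript
// Added example: HS256 signing and verification with Node's built-in crypto.
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed value; load real keys from a secret store

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());
const hmac = (data, secret) =>
  crypto.createHmac('sha256', secret).update(data).digest('base64url');

function signToken(claims, secret) {
  const signingInput = b64url({ typ: 'JWT', alg: 'HS256' }) + '.' + b64url(claims);
  return signingInput + '.' + hmac(signingInput, secret);
}

function verifyToken(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [header, payload, signature] = parts;
  let alg;
  try { alg = decode(header).alg; } catch { return { ok: false, reason: 'malformed' }; }
  // Pin the algorithm on the verifier: the header is untrusted input until the MAC checks out.
  if (alg !== 'HS256') return { ok: false, reason: 'unexpected alg' };
  // Recompute the MAC over the exact segments received and compare in constant time.
  const expected = Buffer.from(hmac(header + '.' + payload, secret));
  const given = Buffer.from(signature);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  // Only parse the claims once the signature has been verified.
  try { return { ok: true, claims: decode(payload) }; } catch { return { ok: false, reason: 'malformed' }; }
}

// Constructed samples: a valid token, one with an edited payload, one whose header names another alg.
const token = signToken({ iss: 'nodebotanist', username: 'nodebotanist' }, SECRET);
const [h, p, s] = token.split('.');
const tampered = [h, b64url({ iss: 'nodebotanist', username: 'admin' }), s].join('.');
const unsigned = b64url({ typ: 'JWT', alg: 'none' }) + '.' + p + '.';

console.log(verifyToken(token, SECRET));
console.log(verifyToken(tampered, SECRET));
console.log(verifyToken(unsigned, SECRET));
```
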
