In this lesson we will look at all of the pieces that combine together to create a JWT (j AWT) or JSON Web Token. You will use node to create a JWT, and then verify it in the JWT debugger.

What is the JSON Web Token structure?

JSON Web Tokens consist of three parts separated by dots (.), which are:

  • Header
  • Payload
  • Signature

Therefore, a JWT typically looks like the following.

xxxxx.yyyyy.zzzzz

Let's break down the different parts.

Create a header:

The header typically consists of two parts: the type of the token, which is JWT, and the hashing algorithm being used, such as HMAC SHA256 or RSA.

let header = {

  typ: 'JWT',

  alg: 'HS256'

};

header = new Buffer(JSON.stringify(header)).toString('base64');

console.log(header);

Create a paylaod:

The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and additional metadata. There are three types of claims: reservedpublic, and privateclaims.

let payload = {

  iat: Date.now(),

  iss: 'nodebotanist',

  username: 'nodebotanist'

};

payload = new Buffer(JSON.stringify(payload)).toString('base64');

console.log("payload", payload);

Create a signature:

To create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.

For example if you want to use the HMAC SHA256 algorithm, the signature will be created in the following way:

HMACSHA256(

  base64UrlEncode(header) + "." +

  base64UrlEncode(payload),

  secret)
let key = header + '.' + payload;

let signature = crypto.createHmac('sha256', 'zhentian');

signature.update(key);

key = signature.digest('base64');

let token = header + '.' +payload + '.' + key

console.log("token", token)

----------------

let header = {

  typ: 'JWT',

  alg: 'HS256'

};

header = new Buffer(JSON.stringify(header)).toString('base64');

console.log(header);

let payload = {

  iat: Date.now(),

  iss: 'nodebotanist',

  username: 'nodebotanist'

};

payload = new Buffer(JSON.stringify(payload)).toString('base64');

console.log("payload", payload);

let key = header + '.' + payload;

let signature = crypto.createHmac('sha256', 'zhentian');

signature.update(key);

key = signature.digest('base64');

let token = header + '.' +payload + '.' + key

console.log("token", token)

Debugger

[Node.js] Creating JWTs (JSON Web Tokens) in Node的更多相关文章

  1. JSON Web Tokens(JWT)

    现在API越来越流行,如何安全保护这些API? JSON Web Tokens(JWT)能提供基于JSON格式的安全认证.它有以下特点: JWT是跨不同语言的,JWT可以在 .NET, Python, ...

  2. Implement JSON Web Tokens Authentication in ASP.NET Web API and Identity 2.1 Part 3 (by TAISEER)

    http://bitoftech.net/2015/02/16/implement-oauth-json-web-tokens-authentication-in-asp-net-web-api-an ...

  3. Koa--基于Node.js平台的下一代web开发框架的安装

    koa 是由 Express 原班人马打造的,致力于成为一个更小.更富有表现力.更健壮的 Web 框架. 使用 koa 编写 web 应用,通过组合不同的 generator,可以免除重复繁琐的回调函 ...

  4. Node.js 从零开发 web server博客项目[express重构博客项目]

    web server博客项目 Node.js 从零开发 web server博客项目[项目介绍] Node.js 从零开发 web server博客项目[接口] Node.js 从零开发 web se ...

  5. Node.js 从零开发 web server博客项目[数据存储]

    web server博客项目 Node.js 从零开发 web server博客项目[项目介绍] Node.js 从零开发 web server博客项目[接口] Node.js 从零开发 web se ...

  6. Node.js 从零开发 web server博客项目[登录]

    web server博客项目 Node.js 从零开发 web server博客项目[项目介绍] Node.js 从零开发 web server博客项目[接口] Node.js 从零开发 web se ...

  7. Node.js 从零开发 web server博客项目[接口]

    web server博客项目 Node.js 从零开发 web server博客项目[项目介绍] Node.js 从零开发 web server博客项目[接口] Node.js 从零开发 web se ...

  8. Node.js 从零开发 web server博客项目[项目介绍]

    web server博客项目 Node.js 从零开发 web server博客项目[项目介绍] Node.js 从零开发 web server博客项目[接口] Node.js 从零开发 web se ...

  9. JWT & JSON Web Tokens

    JSON Web Tokens https://jwt.io json web token example https://jwt.io/introduction/ https://medium.co ...

随机推荐

  1. codeforces Winner

    /* * Winner.cpp * * Created on: 2013-10-13 * Author: wangzhu */ /** * 先找出所有选手的分数和中最大的分数和,之后在所有选手的分数和 ...

  2. 【HDOJ】1669 Jamie's Contact Groups

    二分+二分图多重匹配. /* 1669 */ #include <iostream> #include <string> #include <map> #inclu ...

  3. Form.block Trigger DML常规写法

    Block的数据源是View的,如果想操作数据,需要注意在以下几个Trigger里面写代码: 一般建议创建View的时候包含rowid字段. on-lock: select inventory_ite ...

  4. Case Studies: Retail and Investment Banks Use of Social Media

    The past couple of months have seen an increased acknowledgement of the role social media has to pla ...

  5. 转 Xcode磁盘空间大清理

    http://www.iwangke.me/2013/09/09/clean-xcode-to-free-up-disk-space/#jtss-tsina 我的设备是Macbook Air 13’ ...

  6. (转载)PHP的内存限制 Allowed memory size of 134217728 bytes exhausted (tried to allocate 1099 bytes) in

    (转载)http://blog.csdn.net/beyondlpf/article/details/7794028 Fatal error: Allowed memory size of 13421 ...

  7. zookeeper服务器端管理工具

    zookeeper基本是基于API和console进行znode的操作,并没有一个比较方便的操作界面,这里也发现了taobao 伯岩写的一个工具,可以比较方便的查询zookeeper信息. 工具的开发 ...

  8. javascript 关于cookie的操作

    <script language=javascript> //获得coolie 的值 function cookie(name){ var cookieArray=document.coo ...

  9. 【转】由DFT推导出DCT

    原文地址:http://blog.sina.com.cn/s/blog_626631420100xvxd.htm 已知离散傅里叶变换(DFT)为: 由于许多要处理的信号都是实信号,在使用DFT时由于傅 ...

  10. bzoj 1875 [SDOI2009]HH去散步(矩乘)

    Description HH有个一成不变的习惯,喜欢饭后百步走.所谓百步走,就是散步,就是在一定的时间 内,走过一定的距离. 但是同时HH又是个喜欢变化的人,所以他不会立刻沿着刚刚走来的路走回. 又因 ...