If you’ve read any recent article or blog post that talks about modern authentication, you’ve undoubtedly heard about JSON Web Tokens (JWTs). If you’re like many, you may have heard or even played around with JWTs, but never fully understood what they are all about.
At Auth0, we live and breathe JSON Web Tokens. It is our goal to make the Internet a safer place, and we feel that JWTs can help. We wrote this handbook to give you a one-stop shop for all things JSON Web Tokens (JWTs) so that you can learn everything you ever wanted to know about tokens and token-based authentication.
JSON Web Token is an IETF open standard (RFC 7519) aimed at providing a well-defined way of exchanging verified claims between two or more parties. That’s a fancy way of saying “it’s a defined method of sharing data that can be verified to be valid.”
The biggest benefit of using JWTs is that they are compact and self-contained. JWTs are also relatively easy to learn and use. Every major language and framework supports JWTs in some shape or form.
JWTs have found their way into several authentication frameworks. The most important of these is OpenID Connect, an authentication layer built on top of OAuth2. Modern authentication is difficult to get right, but following well-established standards such as those defined in the JWT RFC can make the process much more manageable.
The obvious place to look for information regarding JSON Web Tokens would be its official specification. However, the full spectrum of JWT and associated technologies is scattered across five different RFCs: JSON Web Token (RFC 7519), JSON Web Signature (RFC 7515), JSON Web Encryption (RFC 7516), JSON Web Key (RFC 7517), and JSON Web Algorithms (RFC 7518). Putting all the pieces together can be a daunting task. This is where the JWT Handbook comes into play.
The JWT Handbook was born out of our personal experience working with JSON Web Tokens at Auth0. It is a collection of all that is necessary to learn, understand, and use JWTs, with practical applications and full code examples. Here is what you will find in the current version of the handbook:
- An in-depth introduction to JSON Web Tokens and why they matter
- Practical applications with full code examples, including federated identity and stateless sessions
- Full details on how to construct and parse JWTs
- Details on how signatures work and can be created and verified
- Encryption and decryption with JSON Web Tokens
- JSON Web Keys definition and practical applications
- Descriptions of signing algorithms that can be used with JWTs (currently in progress).
We aim to provide frequent updates and examples that offer deeper insights into JWTs in future releases of the handbook.
Whether you are totally new to JWTs or a veteran looking to expand your knowledge, the Auth0 JWT Handbook is sure to have something in store for you. You can get the book for free by paying with a tweet, here.
We hope you find the handbook a useful reference for all things JWT! Keep in touch for future updates.