Reputation: 3
How does a JSON Web Token verify users on authentication?
How does a JSON Web Token verify a user on authentication? Does the JWT store user data?
If so, how can I get a list of users who have done authentication?
Upvotes: 0
Views: 153
Answers (1)
Reputation: 131077
In the context of token-based authentication, a token is a piece of data that identifies a user, working as a credential to perform authentication.
JWT is a self contained token that contains three parts:
- Header
- Payload
- Signature
The payload contains a set of claims and you can use it to store any arbitrary data.
The integrity of the token can be checked by verifying the signature that is generated on server side with a private key, using both header and payload encoded as Base64. JWT allows you to perform stateless authentication, that is, you don't need to store anything on server side besides the key used to sign the token.
sub is the standard payload claim to store the principal who is the subject of the JWT (the user who the token was issued for):
The
sub(subject) claim identifies the principal that is the subject of the JWT. The claims in a JWT are normally statements about the subject. The subject value MUST either be scoped to be locally unique in the context of the issuer or be globally unique. The processing of this claim is generally application specific. Thesubvalue is a case-sensitive string containing a StringOrURI value. Use of this claim is OPTIONAL.
Upvotes: 1
Related Questions
- JSON Web Token (JWT) : Authorization vs Authentication
- Authentication using jwt how to validate http requests
- How does JWT do Authentication
- How the server verifies the JWT client?
- How is JSON Web Token Based authentication stateless?
- How JWT actually works with Spring MVC to create token and validate token?
- Understanding JSON Web Token (JWT) in context of web authentication
- Json Web Token + User Authentication
- JSON Web Tokens (JWT) - Validate Client
- Json Web Token example for Java