
Reading: Bearer Authorization

Introduction

This reading delves into Bearer Authorization, focusing on JSON Web Tokens (JWTs) and their usage in securing web applications.

Intro to JWT

JSON Web Token (JWT)

A JSON Web Token (JWT) is a compact and self-contained mechanism for securely transmitting information between parties as a JSON object. It is commonly used for authentication and authorization in web applications.

Usage of JWTs

JWTs are typically used when:

Structural Components of a JWT

Claims, which represent pieces of information about the entity (user) and additional metadata, are expected in the payload component of a JWT.

Security of JWTs

JWTs are secure when used correctly. The payload is only base64url encoded, not encrypted, so the fact that anyone holding a token can decode and read its claims does not by itself make the token insecure (it does mean the payload should not carry secrets). What protects the token is the signature: for a token signed with a shared secret, both the issuer and the verifier must know that key, and a party without it cannot produce or alter a token without the signature check failing.

JWTs Explained

Benefits of JWTs

JWTs are compact and self-contained, meaning all necessary information is contained within the token itself. This makes them easy to transmit over HTTP headers and suitable for use in stateless communication.

Components of a JWT

A JWT consists of three base64url-encoded parts separated by dots, the last of which is the signature:

  1. Header: Contains metadata about the type of token and the signing algorithm.
  2. Payload: Contains the claims and additional information about the entity.
  3. Signature: A cryptographic signature computed over the encoded header and encoded payload using a secret key, so that any change to either of the first two parts invalidates it.

Reflection

After reading about Bearer Authorization and JWTs, my learning goals include mastering the implementation of JWT-based authentication and authorization in web applications. I aim to explore the npm jsonwebtoken library documentation and gain hands-on experience in securely implementing JWTs in my projects.