Sunday 18 February 2024

What are the parts of JWT Token Angular ?89

 What are the parts of JWT Token Angular ?

In Angular applications using JWT for authentication, a JWT token typically consists of three main parts:

1. Header:

  • This first part contains vital information about the token itself, including:

  • typ: Identifies the type of token as "JWT".

  • alg: Specifies the algorithm used for signing the token (e.g., HS256, RS256).

  • (Optional) kid: Key identifier for public keys in multi-signature setups.

2. Payload:

  • This central part carries the actual claims about the user and their permissions. Common claims include:

  • sub: Subject (user identifier).

  • iss: Issuer (entity that issued the token).

  • aud: Audience (intended recipient of the token).

  • exp: Expiration time (timestamp in seconds).

  • iat: Issued at time (timestamp in seconds).

  • (Optional) roles: User roles for authorization.

  • (Optional) other custom claims: Additional user information for specific use cases.

3. Signature:

  • This final part ensures the token's integrity and authenticity. It's created by signing the encoded header and payload using the issuer's secret key and the specified algorithm. The signature allows the receiving party to verify that the token hasn't been tampered with and indeed originates from the trusted issuer.

Here's a visual representation of the structure:

JWT Token
| Header (Base64Url encoded) | Payload (Base64Url encoded) | Signature (Base64Url encoded) |
--------                     --------                     --------
| { "typ": "JWT", "alg": "HS256" } | { "sub": "123", "exp": 1676578400 } | Base64 encoded signature |
--------                     --------                     --------

Additional notes:

  • All three parts are Base64Url encoded for efficient transmission and storage.

  • The claims in the payload determine the user's access rights and are used for authorization checks in your Angular application.

  • The signature ensures the token's validity and prevents unauthorized modifications.

Understanding these parts and their roles is crucial for effectively implementing JWT-based authentication in your Angular applications and maintaining secure user access control.

No comments:

Post a Comment

Note: only a member of this blog may post a comment.