search
Join the Community

JWT Auth Tokens

hashtag
Use ioctl to issue a JWT

Every account ioctl created contains a pair of 256-bit private/public key. We can use it to sign and issue JWT:

➜  ioctl jwt sign --with-arguments '{"exp":"1608193125","sub":"weather","scope":"Create"}' -s my_account -y
Enter password #my_account

Enter your password to sign the token:

chevron-rightRead More about JWT Tokenshashtag

hashtag
What is JWT

JWT (JSON Web Token) is a very popular technology widely used in web API and user authentication. It contains certain access control claims, such as what data/resource can be access, the access expire time, and access rights (read, write, or delete).

The token is base64-encoded and digitally signed using a secret (with the HMAC algorithm) or a private key. By verifying the signature it can be guaranteed that the claims must come from the holder of the signing key.

In a nutshell, JWT consists of three parts separated by dot . , which are

  • Header

  • Payload

  • Signature

hashtag
Example

Here is an example of a JWT encoded token:

Decoding the header part:

gives the following header, indicating it is signed by ES256 algorithm (256-bit Elliptic-curve Signature):

Decoding the payload part:

gives the following claims:

where:

  • "exp" is the token's expiration time

  • "iat" is the token's issue time (you can convert date/time herearrow-up-right)

  • "iss" is the public key of issuer

  • "sub" is the subject, here it refers to a resource/data named weather

  • "scope" is the access control rights granted for the resource, here it allows to create

The signature in our example is:

that can be verified against the issuer public key iss above.

PreviousDecentralized Identifiers (DID)NextNative IoTeX Development