JWT Auth Tokens
Use ioctl to issue a JWT
Every account ioctl created contains a pair of 256-bit private/public key. We can use it to sign and issue JWT:
➜ ioctl jwt sign --with-arguments '{"exp":"1608193125","sub":"weather","scope":"Create"}' -s my_account -y
Enter password #my_accountEnter your password to sign the token:
Read More about JWT Tokens
What is JWT
JWT (JSON Web Token) is a very popular technology widely used in web API and user authentication. It contains certain access control claims, such as what data/resource can be access, the access expire time, and access rights (read, write, or delete).
The token is base64-encoded and digitally signed using a secret (with the HMAC algorithm) or a private key. By verifying the signature it can be guaranteed that the claims must come from the holder of the signing key.
In a nutshell, JWT consists of three parts separated by dot . , which are
Header
Payload
Signature
Example
Here is an example of a JWT encoded token:
Decoding the header part:
gives the following header, indicating it is signed by ES256 algorithm (256-bit Elliptic-curve Signature):
Decoding the payload part:
gives the following claims:
where:
"exp"is the token's expiration time"iat"is the token's issue time (you can convert date/time here)"iss"is the public key of issuer"sub"is the subject, here it refers to a resource/data named weather"scope"is the access control rights granted for the resource, here it allows to create
The signature in our example is:
that can be verified against the issuer public key iss above.