Json Web Token / oauth_token / auth_token
- Usage?
JWTs consist of three parts: header, payload and signature. The three parts are concatenated with dots to form the token (header.payload.signature); the signature covers the header and payload, so any change to them invalidates the token.
- How JWTs are used for authentication
```mermaid
sequenceDiagram
  rect rgb(236, 232, 242)
    participant dns as DNS
    participant cdn as CDN
    participant ub as User-Browser
    box AWS
      participant lb as LoadBalancer
      participant as as Application Server<br/>RESTFul Service
      participant auth as Auth_Service
    end
    participant idp as IDP
    note over ub: HTTP GET test.com
    ub ->> dns: IP of test.com
    dns ->> ub: IP of CDN
    ub ->> cdn: HTTP GET test.com
    cdn ->> ub: Home Page
    note over ub: User enters username,pass
    ub ->> lb: HTTP GET test.com(user,pass)
    lb ->> as: HTTP GET test.com(user,pass)
    as ->> ub: HTTP Redirect http://auth_svc
    ub ->> auth: http://auth_svc?user?pass
    auth ->> idp: ?user?pass
    idp ->> auth: SAML Assertion(Authenticated)
    auth ->> ub: JWT Token(Json Object)
    note over auth: JWT=(header + payload(username)<br/>+ signature(Digital signature of payload))
    note over ub: Stores JWT in cookie or cache
    ub ->> as: CRUD(header(bearer token=JWT) + Body)
    note over as: JWT expiry in 5 hours<br/>Reissue JWT
  end
```
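To make the three-part structure and the server-side check concrete, here is an added example (not code from the original notes) that issues an HS256 JWT with a 5-hour expiry and verifies the signature and `exp` claim the way the Application Server would before accepting a bearer token. The shared secret and the claim names are assumptions for the demo; it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Hypothetical HS256 secret shared by Auth_Service and the Application Server.
SECRET = b"constructed-demo-secret"

def b64url(data: bytes) -> str:
    # JWT uses base64url without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign(signing_input: bytes) -> str:
    return b64url(hmac.new(SECRET, signing_input, hashlib.sha256).digest())

def issue_jwt(username: str, now: int, ttl_seconds: int = 5 * 3600) -> str:
    # header + payload + signature, joined with dots, as in the diagram above.
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": username, "iat": now, "exp": now + ttl_seconds}
    h = b64url(json.dumps(header, separators=(",", ":")).encode())
    p = b64url(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = h + "." + p
    return signing_input + "." + sign(signing_input.encode())

def verify_jwt(token: str, now: int) -> Optional[dict]:
    # Returns the payload only if the signature and expiry check out.
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h, p, s = parts
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm, never trust the token's alg
        return None
    expected = sign((h + "." + p).encode())
    if not hmac.compare_digest(expected, s):  # constant-time comparison
        return None
    payload = json.loads(b64url_decode(p))
    if payload.get("exp", 0) <= now:  # expired: client must get a reissued JWT
        return None
    return payload
```

An expired or tampered token returns `None`, which is the point at which the server would redirect back to Auth_Service for a reissue.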
Authenticate to RESTFul APIs
- JWT(Json Web Token)
```mermaid
sequenceDiagram
  rect rgb(221, 240, 221)
    participant u as UserApp
    participant cdn as CDN
    box AWS
      participant cog as Amazon-Cognito<br/>User,Pass store
      participant s3 as Amazon-S3
    end
    s3 ->> cdn: HTML, css, javascript etc
    note over u: Open www.test.com
    u ->> cdn: GET test.com
    cdn ->> u: HTML, css, javascript etc
    note over u: Enter email, username, password<br/>Submit.
    u ->> cog: user,password,email
    cog ->> u: Send Confirmation Code to Inbox
    note over u: User enters code on test.com<br/>User signs in
    note over u: Javascript function in browser<br/>communicates with Cognito
    u ->> cog: Authenticate using<br/>Secure Remote Password protocol (SRP)
    cog ->> u: JWT(JSON Web Token)
    note over u: JWT would be used by<br/>to communicate with RESTful APIs
  end
```