Using JWT in Token based authentication system
UltimateCoder (~ultimatecoder)
JSON Web Token (JWT) is a standard for exchanging authenticated claims between two clients. A normal token-based authentication system generates a random value as the token. That random token does not describe information such as expiration time, issuer information, custom user information, etc. The client is highly dependent on the server. Procedures like validating and expiring a token are highly dependent on the server. Note that a database query is fired every time one of these steps is performed.
Compared with the above problems, JWT is a URL-safe, self-describing token. JWT allows the user to add user-defined claims, which are protected by a digital signature. It supports the HMAC, RSA and ECDSA families of algorithms for signatures. Information like expiration time, issuer information, applicable audience and the algorithm used for encryption is present as the JOSE Header.
Because the token is signed, it is possible to authenticate a user without firing a query to the database. The proposed solution puts less load on the server and is best for scaling. OAuth 2.0 is based on JWT. I will demonstrate an unpublished Django JWT module written by me.
My goal will be to describe the token-based authentication system and highlight its faults, give a detailed explanation of the architecture of JSON Web Token, explain why to choose JWT as a token-based authentication system, and demonstrate a working example of JWT developed in Django.
Python environment installed with Django.
Full-stack developer by profession, a Computer scientist by heart, Actor by a gene. [Speak, Vimm, Organiz]er. Core member of PyKutch.