* Engineer @ Zimbra
* Technical Evangelist
* Auth0 Ambassador
* Mozilla Reps Mentor
* CAC @ Mozilla
* GDG Nashik Organizer
* Rust Hacks @rusthack
@rowdymehul
1. Serverless
2. Authentication & Authorization
3. JWT
4. Deployment
Serverless, is an execution model where the cloud provider is responsible for executing a piece of code by dynamically allocating the resources. The code is typically run inside stateless containers that can be triggered by a variety of events including http requests, database events, queuing services, monitoring alerts, file uploads, scheduled events (cron jobs), etc. The code that is sent to the cloud provider for execution is usually in the form of a function. Hence serverless is sometimes referred to as “Functions as a Service” or “FaaS”.
credits: DZone
credits: DZone
source: dadario.com.br
source: dadario.com.br
The header is a JSON Object usually consisting of the type( typ ) , which is JWT, and the algorithm used for encrypting the JWT (alg ):
{
"alg": "HS256",
"typ": "JWT"
}
The Payload is a JSON object that consists of user defined attributes ( called public claims ) . Some attributes are defined in the standard ( these are called reserved claims ).
{
// reserved claim
"iss": "https://myapi.com",
// public claim
"user": "rowdymehul"
}
The Signature is the encoded header and payload, signed with a secret.
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret
)
This accomplishes several tasks at once, including:
A finished token looks like [encoded header].[encoded payload].[signature] :
Image Source: StackOverflow
Image source: medium.com
An open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords.
Resource Owner: the entity that can grant access to a protected resource. Typically this is the end-user.
Resource Server: the server hosting the protected resources. This is the API you want to access.
Client: the app requesting access to a protected resource on behalf of the Resource Owner.
/**
* @param context {WebtaskContext}
*/
module.exports = function(context, cb) {
cb(null, { hello: context.query.name || 'OWASP , Auckland 2019' });
};
General JWT Resources
jwt.io
JWT Handbook
http://bit.ly/jwt-book
WebTask
webtask.io
facebook.com/therowdymehul
@rowdymehul
@rowdymehul
https://in.linkedin.com/in/rowdymehul
way2mehul@gmail.com
Source: giphy.com