{JSON Web Tokens}

WHAT ARE TOKENS?

401 HTTP ERROR: UNAUTHORIZED

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzb21lX2lzc3VlciIsImV4cCI6MTUwMDgxOTM4MCwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.KRBf-VIq_1cPg2hiSW_WOuChVIwoeXVhPC3vAaCxatM


  {
    "alg": "none",
    "typ": "JWT"
  }

HEADER

ALGORITHM & TOKEN TYPE


  {
    "sub": "1234567890",
    "name": "John Doe",
    "admin": true
  }

PAYLOAD

CLAIMS & DATA


  Base64Url(Header)+
  "."+
  Base64Url(Payload)+
  "."

SIGNATURE (empty: nothing follows the second dot)

BASE64URL

Base64 -> Base64url (URL-safe alphabet, no padding):

- "+" -> "-"

- "/" -> "_"

- "=" -> dropped

With "alg": "none" there is no signature: the token is just header.payload. and ends at the second dot. (The first part shown here is the slide's HS256 header; an "alg": "none" header encodes as eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.)

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

.

eyJpc3MiOiJzb21lX2lzc3VlciIsImV4cCI6MTUwMDgxOTM4MCwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9

.
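Decoding the three parts in Node, as an added example (not code from the deck): the Base64url rules above applied to the slide's own token, plus the unsigned form this slide shows. The function names (base64urlDecode, base64urlEncode, decodeJwt, forgeUnsigned) are ours.

```javascript
// Added example (not from the original slides): split a JWT into its three
// parts and decode them with the Base64url rules above. No key is involved,
// which is exactly why decoding a token tells you nothing about who minted it.

// Base64url -> text: undo the URL-safe substitutions and restore the '='
// padding that Base64url drops, then use the ordinary Base64 decoder.
function base64urlDecode(str) {
  let b64 = str.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4 !== 0) b64 += '=';
  return Buffer.from(b64, 'base64').toString('utf8');
}

// JSON -> Base64url: standard Base64, then '+' -> '-', '/' -> '_', drop '='.
function base64urlEncode(obj) {
  return Buffer.from(JSON.stringify(obj), 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode WITHOUT verifying: returns the header and payload objects and the
// raw signature part ('' for an unsigned token).
function decodeJwt(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('a compact JWS has exactly three parts');
  const [h, p, s] = parts;
  return {
    header: JSON.parse(base64urlDecode(h)),
    payload: JSON.parse(base64urlDecode(p)),
    signature: s,
  };
}

// Build the "alg": "none" form: header.payload. with nothing after the last dot.
// Anyone can produce this for any payload, so a verifier that honours it
// honours whatever claims the client chose to write.
function forgeUnsigned(payload) {
  return base64urlEncode({ alg: 'none', typ: 'JWT' }) + '.' +
         base64urlEncode(payload) + '.';
}

// The token from the slide.
const SLIDE_TOKEN =
  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.' +
  'eyJpc3MiOiJzb21lX2lzc3VlciIsImV4cCI6MTUwMDgxOTM4MCwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.' +
  'KRBf-VIq_1cPg2hiSW_WOuChVIwoeXVhPC3vAaCxatM';

console.log(decodeJwt(SLIDE_TOKEN));
console.log(forgeUnsigned({ sub: '1234567890', name: 'John Doe', admin: true }));
```

decodeJwt is what a debugging tool does; it is not a verification step. The forged token is accepted only by a server that lets the token pick its own algorithm, which is the question the next slide asks.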

CAN I TRUST IT?

signature = alg(Base64Url(header) + "." + Base64Url(payload), secretKey)

- HMAC-SHA [256|384|512]  (HS256/HS384/HS512: one shared secret both signs and verifies)

- RSA-SHA [256|384|512]  (RS256/RS384/RS512: the private key signs, the public key verifies)

- ...


  Base64Url(Header)+
  "."+
  Base64Url(Payload)+
  "."+
  Base64Url(Signature)

SIGNATURE

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

.

eyJpc3MiOiJzb21lX2lzc3VlciIsImV4cCI6MTUwMDgxOTM4MCwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9

.

TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

HOW DO I GUARANTEE THE INTEGRITY OF MY TOKEN?

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzb21lX2lzc3VlciIsImV4cCI6MTUwMDgxOTM4MCwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.KRBf-VIq_1cPg2hiSW_WOuChVIwoeXVhPC3vAaCxatM

Header

Payload

Signature

secretKey = "NodeUserGroupCeará"  (shared HS256 secret: whoever holds it can verify AND mint tokens, so it never leaves the server)

EXAMPLE

CLIENT -> SERVER

/api/login (credentials)
The server checks the credentials and answers with a token signed with secretKey:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzb21lX2lzc3VlciIsImV4cCI6MTUwMDgxOTM4MCwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

/api/customers (the token is sent with the request)
The server recomputes the signature with secretKey and serves the request only if it matches:
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzb21lX2lzc3VlciIsImV4cCI6MTUwMDgxOTM4MCwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

secretKey (stays on the server)

CLAIMS

Registered claims (RFC 7519). All are optional; the date claims are NumericDate values (seconds since the epoch, as a JSON number):

- iss  (issuer)

- sub  (subject)

- aud  (audience)

- exp  (expiration time)

- nbf  (not before)

- iat  (issued at)

- jti  (JWT ID, unique per token; the hook for revocation and replay detection)


  {
    "iss": "YWZkYWRmYWZhc2RmYFzZGY",
    "sub": "Z29vZ2xlZGV2ZWxvcHJlcw",
    "aud": "9vZ2xlZc2RmYFzZcHJlWZh",
    "iat": 14002931083,
    "exp": 14009132984,
    "nbf": 14005423984,
    "jti": "ZGV2ZWxvcHJlZ29vZ2xlcw",
    "data": { ... }
  }

PAYLOAD

CLAIMS & DATA
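Checking the registered claims once the signature is good, as an added example in Node (not code from the deck). validateClaims, acceptOnce, the option names and the sample payloads are ours; the claim meanings follow RFC 7519. It also shows why a timestamp written as a JSON string is rejected: NumericDate claims must be numbers.

```javascript
// Added example (not from the original slides): validate the registered claims
// of a payload whose signature has ALREADY been verified. Names and samples are ours.

const isNumericDate = (v) => typeof v === 'number' && Number.isFinite(v);

// Returns a list of problems; an empty list means the claims are acceptable.
// `now` is seconds since the epoch; `leeway` absorbs small clock differences
// between the issuer and this server.
function validateClaims(payload, { issuer, audience, now, leeway = 0 }) {
  const errors = [];

  // iss: who minted it. Pin it; a valid signature from the wrong issuer is still wrong.
  if (issuer !== undefined && payload.iss !== issuer) errors.push('iss mismatch');

  // aud: who the token is for. May be a string or an array; we must be listed,
  // otherwise a token minted for another service is being replayed against us.
  const aud = payload.aud === undefined ? [] : [].concat(payload.aud);
  if (audience !== undefined && !aud.includes(audience)) errors.push('aud mismatch');

  // exp / nbf / iat are NumericDate values: JSON numbers, not strings.
  if (payload.exp === undefined) errors.push('exp missing');
  else if (!isNumericDate(payload.exp)) errors.push('exp is not a number');
  else if (now >= payload.exp + leeway) errors.push('expired');

  if (payload.nbf !== undefined) {
    if (!isNumericDate(payload.nbf)) errors.push('nbf is not a number');
    else if (now < payload.nbf - leeway) errors.push('not yet valid');
  }

  if (payload.iat !== undefined) {
    if (!isNumericDate(payload.iat)) errors.push('iat is not a number');
    else if (payload.iat > now + leeway) errors.push('issued in the future');
  }

  // jti: unique id, the hook for revocation and replay detection.
  if (payload.jti !== undefined && typeof payload.jti !== 'string') errors.push('jti is not a string');

  return errors;
}

// Replay guard built on jti: remember ids until their token would have expired
// anyway. In-memory here; a shared store is needed across several server nodes.
const seenJti = new Map(); // jti -> exp
function acceptOnce(payload, now) {
  for (const [id, exp] of seenJti) if (exp <= now) seenJti.delete(id); // purge stale ids
  if (!payload.jti) return false;              // no id: replay cannot be detected
  if (seenJti.has(payload.jti)) return false;  // already used
  seenJti.set(payload.jti, payload.exp);
  return true;
}

// Constructed samples (not from the slide). NOW is an arbitrary fixed clock.
const NOW = 1400000000;
const OPTS = { issuer: 'some_issuer', audience: 'customers-api', now: NOW, leeway: 30 };
const GOOD = { iss: 'some_issuer', sub: '1234567890', aud: ['customers-api', 'billing-api'],
               iat: NOW - 60, nbf: NOW - 60, exp: NOW + 3600, jti: 'a1b2c3' };
const STRING_DATES = { ...GOOD, iat: String(NOW - 60), exp: String(NOW + 3600) };

console.log(validateClaims(GOOD, OPTS));
console.log(validateClaims(STRING_DATES, OPTS)); // string timestamps are reported, not parsed
```

Run validateClaims only after the signature check: an attacker who can forge the signature can also write whatever claims they like, so claim checks add nothing on an unverified token.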

ONLY FOR USER AUTHENTICATION?
