JWT Fundamentals
JSON Web Token (JWT) is a standard that allows you to securely transmit data between parties as a self-contained JSON object. This course will teach you exactly how JWTs work and how best to use them, regardless of your programming language or framework.
What you'll learn
JSON Web Tokens (JWT) are a security token format popular in protocols such as OAuth2 and OpenID Connect. In this course, JWT Fundamentals, you’ll learn about the JSON Web Token (JWT) standards and how to use them effectively. First, you’ll explore why JWTs exist, when to use them, and when not to. Next, you’ll discover how JWTs are protected using signing and encryption. Finally, you’ll learn security best practices for using and validating JWTs. When you’re finished with this course, you’ll have the skills and knowledge of JWTs needed to use them effectively in any programming language or framework.
Table of contents
- Overview 1m
- How to Create a JWT 7m
- How to Validate a JWT 3m
- Using Standard Claim Types for Common JWT Functionality 7m
- JWTs in Use: OpenID Connect’s Identity Token 6m
- JWTs in Use: JWT Profile for OAuth Access Tokens 5m
- Useful JWT Tools 3m
- JWT Libraries 1m
- Demo: JWTs in Python with Authlib 3m
- Demo: JWTs in JavaScript with jose 3m
- Demo: JWTs in C# with Microsoft.IdentityModel 3m
- Summary 2m
- Overview 1m
- Understanding Digital Signatures and Signing Keys 3m
- JSON Web Algorithms (JWA) and JWS 4m
- Signing Algorithm: RSASSA-PKCS1-v1_5 (e.g. RS256) 3m
- Signing Algorithm: RSASSA-PSS (e.g. PS256) 1m
- Signing Algorithm: ECDSA (e.g. ES256) 4m
- Signing Algorithm: EdDSA 2m
- Digital Signatures vs. Message Authentication Codes (e.g. HS256) 2m
- Summary 2m
About the author
Scott Brady is a software developer specializing in identity and access management. Focusing on ASP.NET, Scott has increasingly found himself in undocumented territory, piecing together the facts and attempting to pass them on so that others don't have to go through the same. Scott currently work as a Senior Software Engineer for Rock Solid Knowledge and is a contributor to the IdentityServer OSS project, the leading OpenID Connect and OAuth framework for .NET.