JWT Design

JSON Web Tokens (JWTs) have become the de facto standard for securely transmitting information between parties as a compact, URL-safe method. This post will look at the design of JWTs, exploring their structure, components, and security considerations.

The Three-Part Structure: Header, Payload, and Signature

A JWT is essentially a digitally signed JSON object composed of three parts separated by periods (.):

Header: Contains metadata about the token, including the token type and the signing algorithm used.
Payload: The heart of the JWT, carrying the actual data being transmitted. This data is typically a JSON object.
Signature: A cryptographic signature used to verify the integrity and authenticity of the token. This ensures the token hasn’t been tampered with and was issued by a trusted source.

Let’s visualize this structure with a Diagram:

flowchart LR
    A[Header JSON] --> B(Base64Url Encode)
    B --> C{JWT}
    D[Payload JSON] --> E(Base64Url Encode)
    E --> C
    F[Signature] --> C
    subgraph Validation
        C -.-> G[Verification]
    end
    
    style A fill:#f9f9f9
    style D fill:#f9f9f9
    style F fill:#f9f9f9
    style C fill:#e6e6ff
    style G fill:#90EE90

The diagram shows JWT creation flow with header and payload encoding, combining with signature, and verification step.

The header is a JSON object typically containing two claims:

alg: The signing algorithm used (e.g., HS256, RS256). This dictates the cryptographic method used to generate the signature.
typ: Specifies the type of token, usually “JWT”.

Example Header (JSON):

{
  "alg": "HS256",
  "typ": "JWT"
}

This header is then base64url encoded.

Payload

The payload contains the claims (data) about the authenticated entity. Claims can be registered (standardized) or custom. Common registered claims include:

iss: Issuer of the token.
sub: Subject (the user or entity the token represents).
aud: Audience (the intended recipient of the token).
exp: Expiration time (in Unix timestamp).
nbf: Not Before (Unix timestamp).
iat: Issued At (Unix timestamp).
jti: JWT ID (unique identifier for the token).

Example Payload (JSON):

{
  "iss": "example.com",
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true,
  "exp": 1678886400 //Example Unix timestamp
}

This payload is also base64url encoded.

Signature Generation

The signature is created by signing a concatenated string of the base64url encoded header and payload using the specified signing algorithm and a secret key (for symmetric algorithms like HS256) or a private key (for asymmetric algorithms like RS256).

Example using HS256 (symmetric):

This example is conceptual and omits detailed cryptographic implementation. Real-world implementation requires a cryptographic library.

import jwt
import base64

header = {"alg": "HS256", "typ": "JWT"}
payload = {"sub": "1234567890", "name": "John Doe"}
secret_key = "your-256-bit-secret"

encoded_jwt = jwt.encode(payload, secret_key, algorithm="HS256")
print(encoded_jwt)

#Verification 
decoded_jwt = jwt.decode(encoded_jwt, secret_key, algorithms=["HS256"])
print(decoded_jwt)

This Python code snippet demonstrates JWT creation and verification using the PyJWT library. Remember to replace "your-256-bit-secret" with a strong, randomly generated secret key.

Asymmetric Signature (RS256): Similar process but uses a private key to sign and a public key to verify. This requires managing key pairs, usually through certificate authorities.

Security Considerations

Secret Key Management: Securely store and manage your secret keys. Avoid hardcoding them directly in your application.
Algorithm Selection: Choose a well-vetted signing algorithm. HS256 is suitable for many applications, while RS256 offers stronger security for scenarios where key distribution is a concern.
Token Expiration: Set appropriate expiration times to limit the validity of tokens.
HTTPS: Always transmit JWTs over HTTPS to prevent interception.
Input Validation: Validate all claims in the payload to prevent injection attacks.