JSON Web Tokens, or JWTs, are a standardized way of representing a JSON-based data structure and transmitting it between two parties. JWTs rely on cryptographic signatures which ensure that the data transmitted in the JWT isn't modified during transit.

 

JWTs are designed to be extremely compact -- small enough to be transmitted in an HTTP header, for example -- and can be used in a variety of ways: as authorization tokens, client-side data storage, or even for the implementation of single sign on (SSO) solutions. They're based on a very simple and elegant algorithm that's easy to understand and quickly put to use. JWT implementations are available in virtually every programming language in common use for Web and mobile development.

 

Unfortunately, learning how to use JWTs can be complicated by the terminology that's commonly used. "Claims", "signatures", "body", "payload" -- a large part of learning how JWTs work is deciphering these buzzwords and understanding how they map onto more familiar programming terms. This talk will focus on reducing this barrier to entry and making JWTs understandable to any programmer.

 

This talk will cover:

* the structure of a JSON Web Token

* the algorithm for generating one

* available libraries and tooling

* some common scenarios where JWTs can be used.

 

Particular emphasis will be given as to when and why JWTs provide for better solutions than other methods. Attendees should come away from this talk with a full understanding of how to use JWTs for a variety of purposes, and be ready and eager to put JWTs into use in both personal and professional contexts.