i’m having a trouble understanding JWT. can you help me?
Sure @pilipinass123 - there are a few good resources for getting started with JWT:
- Get Started with JSON Web Tokens
- Similar content to the above - JSON Web Tokens
- JWT eBook
- Auth0 Quickstarts
A [JWT] (RFC 7519: JSON Web Token (JWT)) defines a way to transfer data between two parties. It consists of three parts separated by dots (.), which are:
- Header
- Payload
- Signature
Therefore it typically looks like: xxxxx.yyyyy.zzzzz You can use https://jwt.io/ to decode it and see the claims it contains.
To get an id token or an [access token] (Access Tokens) you can use Auth0.js, Lock.js, [the Authentication API] (https://auth0.com/docs/api/authentication) or any other library for another language. A common use would be to use the [hosted login page] (Auth0 Universal Login) with Auth0.js and a SPA client as:
<script src="http://cdn.auth0.com/js/auth0/9.1.0/auth0.min.js"></script>
<script>
var webAuth = new auth0.WebAuth({
domain: {YOUR_AUTH0_DOMAIN},
clientID: {SPA_CLIENT_ID},
audience: {API_AUDIENCE},
redirectUri: '{CALLBACK_URL}',
scope: 'openid profile',
responseType: 'token id_token'
});
webAuth.authorize();
</script>
On the callback from the authorize request, you can use parseHash to get the JWT tokens:
webAuth.parseHash(function(err, authResult) {
if (authResult) {
var accessToken = authResult.accessToken;
var idToken = authResult.idToken;
// any other logic...
}
}
You can see more detailed information about JWTs [here] (JSON Web Tokens) and you should also check [OIDC conformant clients] (Applications in Auth0), [OIDC authentication] (OpenID Connect Protocol) and [how to call your APIs with the access token] (Access Tokens)
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.