Introduction

Authentication

Objectives

Define one way password hashing
Define JSON Web Tokens (JWT)

One Way Hashing

Converting data into a fixed length hash string. You can only recreate the hash if you know the original data.

Applicable for saving passwords on your server

One Way Hashing Example

password

bcrypt

$2a$10$9Mconplm8A780pY6iB2q.eBwkdldFbnz2tSH2uqHEi5B9KTpR3O8.

Sign In (Authentication)

password

bcrypt

$2a$10$9Mconplm8A780pY6iB2q.eBwkdldFbnz2tSH2uqHEi5B9KTpR3O8.

Saved In DB:

Equal??

Trouble With Passwords

Users do not want to enter their passwords on every page

We need some proof that you have logged in in the past

JWT (JSON Web Token)

A web standard for storing signed data

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.

eyJ1c2VySWQiOiIxMjM0In0.

kud-czcx6yOSSQgB0lKbibHNFmlAJwrV8iRQ1Ha-r-Q

Header:

Payload:

Signature:

We can use JWTs as proof that you've logged in before

JWT Format

JWT (JSON Web Token)

Creating a token

https://jwt.io/

Sending JWT To Server

HTTP Header

Authorization: Bearer <JWT>

Introduction to Authentication

By Elie Schoppik

Introduction to Authentication

2,362

Introduction

Objectives

One Way Hashing

Converting data into a fixed length hash string. You can only recreate the hash if you know the original data.

Applicable for saving passwords on your server

One Way Hashing Example

password

bcrypt

$2a$10$9Mconplm8A780pY6iB2q.eBwkdldFbnz2tSH2uqHEi5B9KTpR3O8.

Sign In (Authentication)

password

bcrypt

$2a$10$9Mconplm8A780pY6iB2q.eBwkdldFbnz2tSH2uqHEi5B9KTpR3O8.

$2a$10$9Mconplm8A780pY6iB2q.eBwkdldFbnz2tSH2uqHEi5B9KTpR3O8.

Saved In DB:

Equal??

Trouble With Passwords

Users do not want to enter their passwords on every page

We need some proof that you have logged in in the past

JWT (JSON Web Token)

Header:

Payload:

Signature:

JWT Format

JWT (JSON Web Token)

Creating a token

https://jwt.io/

Sending JWT To Server

HTTP Header

Authorization: Bearer <JWT>

Introduction to Authentication

More from Elie Schoppik