JWT Access Token Design Pattern Tutorial for API Developers | JWT OAuth3 Explained for Microservices

In this video we will learn about Access Token design pattern for microservices.

Access Token pattern is to validate the identity of the caller. Caller service or app sends the access token in request header to callee services. Api Gateway of the Callee service validates the token & check the identity of caller. Api gateway will allow request only with valid access token.

OAuth 2.0 has provided delegated authorization since 2012. OpenID oauth2 Connect added federated identity on top of OAuth 2.0 in 2014. Together, they offer a standard spec you can write code against and have confidence that it will work across IdPs (Identity Providers).

JWT (JSON web token) is an open standard (RFC-7519) that defines a mechanism for securely transmitting information between two parties. JWT token is a signed JSON object that contains a list of claims which allow the receiver to validate the sender's identity. The purpose of JWT token is for a stateless authentication mechanism. Stateless authentication stores the user session on the client-side.

** JSON Token Structure **
The JSON Web token is composed of three parts separated by periods (dot).

1. The header contains the algorithm used for signing.
2. The payload is the session data that also refers to ‘claims’. There are two types of claims.
• Reserved claim - The JWT specifications define reserved claims that are recommended to use while generating the JWT token.
• Custom claims
3. The signature is the most critical part. The signature is calculated by encoding the header and the payload using Base64 encoded. Then the encode64 is signed using a secret key and cryptographic algorithms specified in the header section. The signature is used to verify the token has not changed or modified.

#jwt #accesstoken #designpattern

** Usage of this Design Pattern **
1. Use this pattern to solve security problem.
2. Use this pattern to achieve Oauth2 based authentication & authorization.
3. Use this pattern to achieve standard security solution
4. Use this pattern to integrate with federated identity providers like FB, Google

** Chapter Timestamps **
0:00 Welcome to Access Token design pattern
1:00 Agenda of tutorial
2:00 Introduction of Access Token JWT design pattern
2:50 Understanding JWT token for Authentication
4:19 Explaining JWT token structured for Authorization
6:18 Real world examples of Access Token design pattern
10:17 Usage of Access Token design pattern
10:52 Advantages of Access Token design pattern
11:30 Summary of Access Token design pattern



** CHECK OUT OUR OTHER VIDEOS **

** CHECK OUR PLAYLISTS **
Docker Containers Complete Tutorial

** ABOUT OUR CHANNEL **
CodeOneDigest is a youtube channel that produces videos on programming languages, cloud and container technologies, Software design principles, Java frameworks in English and Hindi languages.
Dosto, CodeOneDigest youtube channel pe aapko programming languages, container technology, cloud computing, software engineering se related videos milenge.

Check out our channel here:
Don’t forget to subscribe!

** OUR WEBSITE **

** GET IN TOUCH **

FOLLOW US ON SOCIAL - LIKE, SHARE & SUBSCRIBE
Get updates or reach out to Get updates on our Social Media Profiles!