Working with JWTs in Python

In this video, Jose Haro Peralta explains how to work with JWTs in Python.

Chapters:
0:00 What are JSON Web Tokens (JWTs)?
2:29 ID tokens and access tokens
3:14 Types of claims in a JWT
4:22 Signing algorithms for JWTs
4:50 Setting up the environment and installing dependencies
5:42 Producing a JWT with the HS256 algorithm
7:50 Producing a JWT with the RS256 algorithm
9:42 Generating an X.509 signing certificate
10:21 Signing a JWT with a private key
12:38 Validating JWTs with Python
16:05 JWT validation errors
17:18 Wrapping up

JWTs are JSON documents which contain claims. We distinguish two types of JWTs: ID tokens and access tokens.

ID tokens are tokens which carry identifying information about a user, such as their name, username, email, date of birth, and other details. You should NEVER use an ID token to validate access to an API.

Access tokens are tokens which contain claims about the right of a user to access an API or a resource. These are the tokens that we must use to validate access to an API.

The standard claims of an access token are:

• iss (issuer): identifies the authorization server that issued the JWT.
• sub (subject): identifies the subject of the JWT, i.e. the user sending the request to the server.
• aud (audience): indicates the recipient for which the JWT is intended. This is our API server.
• exp (expiration time): when the JWT expires.
• nbf (not before time): time before which the JWT must not be accepted.
• iat (issued at time): when the JWT was issued.
• jti (JWT ID): a unique identifier for the JWT.

JWTs are commonly signed using the HS256 and RS256 algorithms. HS256 signs the token with an HMAC computed over a shared secret, while RS256 signs the token with an RSA private key and verifies it with the corresponding public key. We use this information to select the right algorithm when verifying the token's signature.
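As an added example (not code from the video or its repo), the block below builds an access token carrying the standard claims listed above and then validates it the way an API server should: pin the expected algorithm before touching the signature, check the HMAC with a constant-time compare, and only then check iss, aud, exp and nbf. It uses only the Python standard library, so it shows what a JWT library does under the hood for HS256; the issuer, audience, secret and timestamps are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid


class JWTValidationError(Exception):
    """Raised for any reason a token must be rejected."""


def _b64url_encode(data: bytes) -> str:
    # JWTs use unpadded base64url (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore the padding stripped by the encoder before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_access_token_claims(subject: str, issuer: str, audience: str,
                              lifetime_seconds: int = 3600, now=None) -> dict:
    """Assemble the standard access-token claims (iss, sub, aud, exp, nbf, iat, jti)."""
    issued_at = int(time.time() if now is None else now)
    return {
        "iss": issuer,                         # who issued the token
        "sub": subject,                        # the user the token is about
        "aud": audience,                       # the API this token is meant for
        "iat": issued_at,                      # when it was issued
        "nbf": issued_at,                      # not valid before this time
        "exp": issued_at + lifetime_seconds,   # hard expiry
        "jti": str(uuid.uuid4()),              # unique id, useful for revocation lists
    }


def produce_hs256(claims: dict, secret: bytes) -> str:
    """Serialise header and claims and sign them with HMAC-SHA256 (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = {"separators": (",", ":"), "sort_keys": True}
    signing_input = (_b64url_encode(json.dumps(header, **compact).encode()) + "." +
                     _b64url_encode(json.dumps(claims, **compact).encode()))
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def validate_hs256(token: str, secret: bytes, issuer: str, audience: str, now=None) -> dict:
    """Verify signature and standard claims; return the claims or raise JWTValidationError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise JWTValidationError("malformed token")
    header_b64, payload_b64, signature_b64 = parts

    # Pin the algorithm we expect instead of trusting whatever the header says;
    # this rules out "alg: none" and HS/RS confusion before any key is used.
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise JWTValidationError(f"unexpected alg {header.get('alg')!r}")

    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(signature_b64)):
        raise JWTValidationError("invalid signature")

    # Only after the signature checks out do we trust the claims.
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise JWTValidationError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise JWTValidationError("wrong audience")
    if "exp" not in claims or now >= claims["exp"]:
        raise JWTValidationError("token expired")
    if now < claims.get("nbf", 0):
        raise JWTValidationError("token not yet valid")
    return claims


if __name__ == "__main__":
    # Constructed sample values, not from any real deployment.
    secret = b"sample-shared-secret-change-me"
    claims = build_access_token_claims("user-123", "https://auth.example",
                                       "https://api.example", now=1_700_000_000)
    token = produce_hs256(claims, secret)
    print(token)
    print(validate_hs256(token, secret, "https://auth.example", "https://api.example",
                         now=1_700_000_010)["sub"])
```

The audience check also accepts a list, since the aud claim may be either a string or an array; the expiry check treats a token whose exp equals the current time as already expired.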

Some of the articles and websites mentioned in the video are:

In case you're unable to generate the signing certificates with the openssl command as shown in the video, the repo includes an example of private and public keys.

If you liked this video, please like it and share it with your network! You can also subscribe to my channel! All this goes a long way to supporting me to continue creating this kind of content.

Please let me know in the comments if you liked this video and whether you found it useful. Let me know also what other kinds of topics you'd like me to address in future videos!
Comments

Great video - please keep this kind of content coming. As someone trying to learn more advanced concepts in Python this kind of content is very welcome - even if I don't have a project where I need this exact technology right now. Subscribed and liked.

jeffgolden

Excellent video. You teach more about JWTs in this short video than hours of many courses out there. Congrats!

fmaciel

Glad this exists. Keep up the good work.

ahmadmtera

Just discovered your channel! keep the content coming! :)

lfcamacho

Amazing video. Please keep up the good work.

ihgnmah

Very nicely explained... Great content!!! Can you let me know, if we use the Django framework, in which of its files this JWT token code should be written? I mean in middleware, or in a custom file that is created?

ankitabhatt

How to replace PEM files in a REST API?

luiscevallos

From where do we get the value of 'sub' in the payload?

shyamt