Security and Authentication
Headers
Building JWT Token
Header
The header object contains two properties: type with the value 'JWT' (indicating it's a JWT) and alg with the value 'HS256' (indicating the HMAC SHA-256 algorithm for signing).
The header is then converted to a JSON string.
The resulting JSON string is UTF-8 encoded.
The UTF-8 encoded header is then base64 URL encoded to produce the first part of the token.
Payload (Data)
The data object contains two properties: partner_id and the current timestamp (seconds since epoch), obtained using Math.floor(Date.now() / 1000).
The data object is converted to a JSON string.
The resulting JSON string is UTF-8 encoded.
The UTF-8 encoded data (payload) is then base64 URL encoded to produce the second part of the token.
Building the Token
The token is formed by concatenating the encoded header and the encoded data (payload) with a dot separator.
Signing the Token
The token is used as the message input for the HMAC SHA-256 algorithm, along with a secret key (jwtSecret).
The HMAC SHA-256 algorithm produces a signature for the token.
The signature is binary data.
The binary signature is then base64 URL encoded to produce the third part of the token.
Constructing the Final JWT
The final JWT is formed by concatenating the original token, the dot separator, and the encoded signature.
The resulting JWT variable is a compact JWT that can be used for secure data exchange and authentication. The signature ensures the token's integrity and authenticity, and the recipient can verify the token using the jwtSecret key to ensure that its contents have not been tampered with during transmission.
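The steps above, together with the recipient-side check, as an added Node.js example (not code from the original page). The function names, the `timestamp` property name and the `maxAgeSeconds` freshness window are assumptions, since the page does not specify them.

```javascript
const crypto = require('node:crypto');

// JSON string -> UTF-8 bytes -> base64url, as in the Header and Payload steps.
const b64url = (obj) =>
  Buffer.from(JSON.stringify(obj), 'utf8').toString('base64url');

// HMAC SHA-256 over "<header>.<payload>"; the binary signature is base64url encoded.
const sign = (token, jwtSecret) =>
  crypto.createHmac('sha256', jwtSecret).update(token).digest('base64url');

function buildJwt(partnerId, jwtSecret, now = Math.floor(Date.now() / 1000)) {
  const header = { type: 'JWT', alg: 'HS256' }; // property names as this page gives them
  // "timestamp" is an assumed property name; the page does not name it.
  const data = { partner_id: partnerId, timestamp: now };
  const token = `${b64url(header)}.${b64url(data)}`;
  return `${token}.${sign(token, jwtSecret)}`;
}

// Recipient side: recompute the signature, compare in constant time,
// and parse the payload only after the signature has matched.
function verifyJwt(jwt, jwtSecret, maxAgeSeconds = 300,
                   now = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return null;
  const [encHeader, encData, encSig] = parts;

  const expected = Buffer.from(sign(`${encHeader}.${encData}`, jwtSecret));
  const received = Buffer.from(encSig);
  if (received.length !== expected.length ||
      !crypto.timingSafeEqual(received, expected)) return null;

  try {
    const decode = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));
    const header = decode(encHeader);
    const data = decode(encData);
    if (header.alg !== 'HS256') return null; // accept only the expected algorithm
    // maxAgeSeconds is an assumed policy: reject stale or future-dated tokens.
    if (!Number.isInteger(data.timestamp)) return null;
    if (Math.abs(now - data.timestamp) > maxAgeSeconds) return null;
    return data;
  } catch {
    return null; // signed but not valid JSON
  }
}
```

`verifyJwt` returns the decoded data object on success and `null` for a wrong key, a modified header or payload, a malformed token, or a timestamp outside the window.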