JSON Web Tokens, or JWTs (pronounced "jots"), are an "open, industry standard RFC 7519 method for representing claims securely between two parties" -- but what does that actually *mean*? If you decode the buzzwords, you'll find JWTs solve common problems around authorization for web and mobile apps in a portable, easily implementable fashion -- and you're going to want to use them *everywhere*.

JWTs are designed to be extremely compact -- small enough to be transmitted in an HTTP header, for example -- and can be used in a variety of ways: as authorization tokens, client-side data storage, or even for the implementation of single sign-on (SSO) solutions. They're based on a very simple and elegant algorithm that's easy to understand and quickly put to use. JWT implementations are available in virtually every programming language in common use for Web and mobile development.

Unfortunately, learning how to use JWTs can be complicated by the terminology that's commonly used. "Claims", "signatures", "body", "payload" -- a large part of learning how JWTs work is deciphering these buzzwords and understanding how they map onto more familiar programming terms. This talk will focus on reducing this barrier to entry and making JWTs understandable to any programmer.

This talk will cover:
* the structure of a JSON Web Token
* the algorithm for generating one
* available libraries and tooling
* some common scenarios where JWTs can be used.

Particular emphasis will be given to when and why JWTs provide better solutions than other methods. Attendees should come away from this talk with a full understanding of how to use JWTs for a variety of purposes, and be ready and eager to put JWTs into use in both personal and professional contexts.



John Anderson (Speaker) at 17:00 on 15 Jul 2017

test comment?

Thank you, John! This was a great session and I know it will be useful in my work.

I'd love to augment the notes that I took with the slides you used. I got your disclaimer in class that we shouldn't copy and paste code because often you showed how to do something independently of using a JWT library, but assuming we've got that message and use a good JWT library, do you think you could make your slides available? They had some great examples of a few things that I didn't have time to write down.