3

I am new to JWT, I am trying to create a simple JWT in javascript, send it to a controller (using web-api), check it in sql database. when I googled the net I found a examples like: //HEAD

  {"typ":"JWT",
          "alg":"HS256"}

//claims

{
  "Id": 445566,
  "name": "Meme Jhon",
  "password": "ticktack"
}

//and signature.

I want to create in Javascript my First JWT but i feel something is missing.. what is the full structure? it's not seem logical to start only with the head (like example above..)I need a full example or explaination or a link to a full example. Thank you

Improve this question
7
  • When you say JavaScript do you mean server-side in node.js? Commented Feb 1, 2015 at 11:56
  • I mean plain javascript. Commented Feb 1, 2015 at 11:58
  • node.js - that's still plain JavaScript, you mean on the client side. Commented Feb 1, 2015 at 12:46
  • yes, on the client side, I just want to write JWT , must I use node.js ? yes on the client side Commented Feb 1, 2015 at 13:29
  • See the core concept of JWT generation being done server-side below..otherwise signing becomes pointless. Commented Feb 1, 2015 at 17:09

1 Answer 1

Reset to default
1

Refer to the JWT spec to get a full understanding.

To summarize, at the end of the day, it's a way to send data (claims) between 2 parties in a secure fashion:

JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.

The structure looks like this (taken straight out of the spec):

eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
.
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
.
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk

  • 3 base64url encoded segments separated by a dot (.)

    • header
    • claim/payload
    • signature

The core concept of server-side generation has to do with signing - though if you don't want to sign, therefore "unsecured JWT" (refer to spec), then I guess you can do everything client-side.

Implementation details vary - e.g. the above can be the payload of some HTTP request, auth schemes (see link in @M.M. answer for such), etc.

Google Wallet is an example of an implementation of the spec.

Refer to the link provided above by @M.M. for libraries

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

I need to build a token in JS and send it to my c# file. I need a FULL exampke not pieces , can you help? thanks :-)
@Damkulul - Sorry, not really. I've never/haven't considered unsecure JWT (no signature, etc) so building/generating in client side Javascript isn't something I've done. For tinkering/experimental purposes - you'll need to base64url encode JSON for the necessary segments. That should get you going to try something. Hth.
if the user needs to send a JWT to the server (to login) and the info is send to the server by $.AJAX (from JavaScript section in HTML page) than I need to create the JWT in javascript. please let me know if I am missing something .. thanks
@Damkulul see the linked implementation sample in M.M. answer above. This is another (just get past some of the terminology used as you'll see in the comments). Hth.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.