Tips, Expertise, Articles and Advice from the Pro's for Your Website or Blog to Succeed
You've probably heard that JSON Web Token (JWT) is the current state-of-the-art technology for securing APIs.
Like most security topics, it's important to understand how it works (at least, somewhat) if you're planning to use it. The problem is that most explanations of JWT are technical and headache inducing.
In previous article we have introduced OAuth2.0. In this article let us have a look at JWT.
JSON Web Token (JWT), usually pronounced as “jot,” is an standard () that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. They contain information in terms of claims and are specially used in in space constrained environments such as HTTP. This information can be verified and trusted because it is digitally signed. JWTs can be signed using a secret (with the HMAC algorithm) or a public/private key pair using RSAor ECDSA.
This blog is the first installation in a series of security-centered articles that are intended to help Django developers secure their deployments. In this piece, I wish to talk about the security setup required for the secure use of JSON Web Token, an authorization mechanism used while transferring information in REST Frameworks such as Django REST-APIs
With business needs demanding more from web applications, product teams have moved towards light-weight application development for scalability and efficiency. This usually includes building applications that use RESTful web services, which use an Application Programming Interface (API) to interact with other applications and web services. One such popular web framework that supports such an architecture is the Django web framework.