Idris Brhane (2020-05-21)

Using JWT(JSON Web Tokens) Authentication Our User

In this video we build a login endpoint that we can use to compare a submitted username and password to the one in our database and return a JWT for future verification of the user against API calls.

#nodejs #javascript #jwt #json web tokens

Giles Goodwin (2020-09-14)

JWT (JSON Web Tokens) User Authentication in Next.js Web Application

JWT (JSON Web Tokens) carry information between client and server as an encoded token. JWT can be used on any programming language platform, which is why many developers use it in their projects. Visit this website to get a better understanding of JWT tokens.

"JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties." (https://jwt.io/)

Figure: Simple flow of JWT

Next.js has an API routes feature that lets you handle the request and response between client and server. Below is the example request handler in ./pages/api/hello.js from a default Next.js project template.

export default (req, res) => {
   res.statusCode = 200
   res.json({ name: 'John Doe' })
}

#nextjs #authentication #javascript #react #jwt-token #json

Alverta Crist (2020-08-06)

How JSON Web Tokens Work

JSON Web Tokens, or JWTs, are a very popular way to do user authorization in web apps today. JWT has also become very popular in the context of microservices and some of the other developments …

#json-web-token #jwt-auth #javascript #jwt-token #jwt

How To Set Up Two-Factor Authentication in cPanel

What is 2FA
Two-Factor Authentication (or 2FA, as it is often referred to) is an extra layer of security that gives users an additional level of protection when securing access to an account.
Employing a 2FA mechanism is a vast improvement in security over the Single-Factor Authentication method of simply using a username and password. With this method, accounts that have 2FA enabled require the user to enter a one-time passcode that is generated by an external application. The 2FA passcode (usually a six-digit number) must be entered into the passcode field before access is granted. The 2FA input is usually required directly after the username and password are entered by the client.

#tutorials #2fa #access #account security #authentication #authentication method #authentication token #cli #command line #cpanel #feature manager #google authenticator #one time password #otp #otp authentication #passcode #password #passwords #qr code #security #security code #security policy #security practices #single factor authentication #time-based one-time password #totp #two factor authentication #whm

How To Use JWT Authentication with Web API

Introduction

Token-based security is commonly used in today's security architecture. There are several token-based techniques; JWT is one of the most popular. A JWT is issued after a successful login and is used to identify the authenticated user on subsequent API calls.

What is a JSON Web Token?

  • Open standard (RFC 7519): any platform or language can produce and consume it.
  • Integrity-protected: it is digitally signed (with an HMAC secret or an RSA/ECDSA key pair), so the receiver can verify who issued it and that it has not been altered.
  • Not confidential by default: a signed JWT is only Base64url-encoded, so anyone holding it can read the payload. Use encryption (JWE) or TLS if the contents must stay private, and never put credentials in it.
  • Compact: it can be sent in an HTTP header, a POST body or a URL. Prefer the Authorization: Bearer header; tokens placed in URLs end up in server logs and browser history.
  • Self-contained: the token itself carries the user information (claims), so the server does not have to look the user up in the database on every request after login.
  • The flip side of being self-contained is that a token stays valid until it expires, so keep lifetimes short (the code below uses 30 minutes) and plan for revocation if you need it.

JWT is useful for

  • Authentication and authorization of API calls
  • Exchanging information between two parties with integrity protection

JWT Token Structure

A JWT consists of three Base64url-encoded parts separated by dots: a Header, a Payload, and a Signature.

Header

The header names the signing algorithm (alg, e.g. HS256 for HMAC-SHA256 or RS256 for RSA) and the token type (typ).

{
   "alg": "HS256",
   "typ": "JWT"
}

Payload

The payload carries claims about the user and the token, for example the user name and the expiry time (exp, a Unix timestamp). It is only Base64url-encoded, not encrypted: anyone who obtains the token can read it, so never put a password or any other secret in it.

{
   "name": "Gajendra",
   "exp": 1600000000
}
  • It contains claims.
  • Claims are user details or additional information the server wants to carry between requests (for example the registered claims sub, iss, aud, exp and iat).

Signature

HMACSHA256( base64urlencoded(header) + "." + base64urlencoded(payload), secret )

  • The server computes a MAC (or, for RS256, a digital signature) over the encoded header and payload using a key only it knows. The secret itself is never placed in the token.
  • Because the header and payload are covered by the signature, anyone who changes a claim without the key cannot produce a matching signature, so the server detects the tampering on the next request.

The three parts are joined as header.payload.signature to form the JWT.

How Does JWT Work?

Step 1

The client logs in with his/her credentials (username and password).

Step 2

The server verifies the credentials and generates a JWT, signing it with a key only the server knows.

Step 3

The server returns the token in the login response.

Step 4

On every subsequent API call the client sends the token back, normally in the Authorization: Bearer <token> header.

Step 5

The server checks the token: it recomputes and compares the signature, checks that the token has not expired, and reads the user claims from the payload. No database lookup is needed for this.

Step 6

If the token is valid, the server serves the request; otherwise it rejects it (typically with HTTP 401).

Working With JWT

Step 1

User Login - User normally logs in with his/her credentials such as User Name and Password.

[Route("UserLogin")]
[HttpPost]
public ResponseVM UserLogin(LoginVM objVM) {
    // Usp_Login is the project's stored procedure and Encryptdata its password-transform helper (neither shown).
    // Passwords should be stored as salted hashes (e.g. PBKDF2 or bcrypt), never as reversibly encrypted values.
    var objlst = wmsEN.Usp_Login(objVM.UserName, UtilityVM.Encryptdata(objVM.Password), "")
                      .ToList<Usp_Login_Result>().FirstOrDefault();
    // FirstOrDefault() returns null when the procedure yields no row; treat that as an invalid login.
    if (objlst == null || objlst.Status == -1) return new ResponseVM {
        Status = "Invalid", Message = "Invalid User."
    };
    if (objlst.Status == 0) return new ResponseVM {
        Status = "Inactive", Message = "User Inactive."
    };
    // Credentials accepted: hand back a signed JWT for the client to present on later API calls.
    return new ResponseVM {
        Status = "Success", Message = TokenManager.GenerateToken(objVM.UserName)
    };
}

Step 2

The server generates a JWT.

JWT secret key

// Hard-coded here only for the walkthrough. In a real service load the key from configuration or a
// secret store, never commit it to source control, and rotate it. HS256 needs a key of at least
// 256 bits; this Base64 string decodes to 64 bytes.
private static string Secret = "ERMN05OPLoDvbTTa/QkqLNMI7cPLguaRyHzyg7n5qNBVjQmtBhz4SzYh4NBVCXi3KJHlSXKP+oi2+bXr6CUYTR==";

Create the JWT

First you have to add Microsoft.IdentityModel.Tokens and System.IdentityModel.Tokens.Jwt references from NuGet Package Manager.

public static string GenerateToken(string username) {
    // Issues a 30-minute token carrying the user name, signed with HMAC-SHA256 ("alg": "HS256").
    byte[] key = Convert.FromBase64String(Secret);
    SymmetricSecurityKey securityKey = new SymmetricSecurityKey(key);
    SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor {
        Subject = new ClaimsIdentity(new [] {
            new Claim(ClaimTypes.Name, username)
        }),
        Expires = DateTime.UtcNow.AddMinutes(30),
        SigningCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256Signature)
    };
    JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
    JwtSecurityToken token = handler.CreateJwtSecurityToken(descriptor);
    return handler.WriteToken(token);
}
public static ClaimsPrincipal GetPrincipal(string token) {
    // Verifies signature and lifetime; returns null for any malformed, forged or expired token.
    try {
        JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
        JwtSecurityToken jwtToken = (JwtSecurityToken) tokenHandler.ReadToken(token);
        if (jwtToken == null) return null;
        byte[] key = Convert.FromBase64String(Secret);
        TokenValidationParameters parameters = new TokenValidationParameters() {
            RequireExpirationTime = true,   // reject tokens that carry no exp claim
            ValidateLifetime = true,        // the default; ClockSkew defaults to 5 minutes
            ValidateIssuer = false,         // no iss/aud are set at issue time in this walkthrough; set
            ValidateAudience = false,       // ValidIssuer/ValidAudience and enable these across services
            // A symmetric key can only verify HMAC algorithms, so tokens claiming "alg": "none"
            // or RS256 fail signature validation here.
            IssuerSigningKey = new SymmetricSecurityKey(key)
        };
        SecurityToken securityToken;
        ClaimsPrincipal principal = tokenHandler.ValidateToken(token, parameters, out securityToken);
        return principal;
    } catch {
        return null;
    }
}

Step 3

Validate the token on subsequent API calls.

[Route("Validate")]
[HttpGet]
public ResponseVM Validate(string token, string username) {
    // This walkthrough passes the token as a query-string parameter. URLs are written to server and
    // proxy logs and to browser history, so production clients should send it in the
    // Authorization: Bearer header instead.
    if (string.IsNullOrEmpty(token) || string.IsNullOrEmpty(username)) return new ResponseVM {
        Status = "Invalid", Message = "Invalid Token."
    };
    // Verify signature and expiry before touching the database, so an unauthenticated caller cannot
    // use the "Invalid User" / "Invalid Token" distinction to enumerate account names.
    string tokenUsername = TokenManager.ValidateToken(token);
    if (tokenUsername == null || !username.Equals(tokenUsername, StringComparison.Ordinal)) return new ResponseVM {
        Status = "Invalid", Message = "Invalid Token."
    };
    // The token is genuine; confirm the account it names still exists.
    int UserId = new UserRepository().GetUser(username);
    if (UserId == 0) return new ResponseVM {
        Status = "Invalid", Message = "Invalid User."
    };
    return new ResponseVM {
        Status = "Success", Message = "OK"
    };
}
public static string ValidateToken(string token) {
    // Returns the user name carried in the token's Name claim, or null if the token is invalid.
    ClaimsPrincipal principal = GetPrincipal(token);
    if (principal == null) return null;
    // A failed cast throws InvalidCastException, not NullReferenceException; test with "as" instead.
    ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
    if (identity == null) return null;
    Claim usernameClaim = identity.FindFirst(ClaimTypes.Name);
    return usernameClaim == null ? null : usernameClaim.Value;
}

Here is the complete TokenManager class.

using Microsoft.IdentityModel.Tokens;
using System;
using System.Collections.Generic;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Web;

namespace WMS.Models.VM
{
    public class TokenManager
    {
        // Hard-coded for the walkthrough only. Load the key from configuration or a secret store in a
        // real service, never commit it to source control, and rotate it. HS256 needs a key of at
        // least 256 bits; this Base64 string decodes to 64 bytes.
        private static string Secret = "ERMN05OPLoDvbTTa/QkqLNMI7cPLguaRyHzyg7n5qNBVjQmtBhz4SzYh4NBVCXi3KJHlSXKP+oi2+bXr6CUYTR==";

        // Issues a 30-minute token carrying the user name, signed with HMAC-SHA256 ("alg": "HS256").
        // The key never leaves the server; the token contains only the MAC computed with it.
        public static string GenerateToken(string username)
        {
            byte[] key = Convert.FromBase64String(Secret);
            SymmetricSecurityKey securityKey = new SymmetricSecurityKey(key);
            SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new[] {
                      new Claim(ClaimTypes.Name, username)}),
                Expires = DateTime.UtcNow.AddMinutes(30),
                SigningCredentials = new SigningCredentials(securityKey,
                SecurityAlgorithms.HmacSha256Signature)
            };

            JwtSecurityTokenHandler handler = new JwtSecurityTokenHandler();
            JwtSecurityToken token = handler.CreateJwtSecurityToken(descriptor);
            return handler.WriteToken(token);
        }

        // Verifies signature and lifetime and returns the principal, or null for any malformed,
        // forged, expired or otherwise invalid token.
        public static ClaimsPrincipal GetPrincipal(string token)
        {
            try
            {
                JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
                JwtSecurityToken jwtToken = (JwtSecurityToken)tokenHandler.ReadToken(token);
                if (jwtToken == null)
                    return null;
                byte[] key = Convert.FromBase64String(Secret);
                TokenValidationParameters parameters = new TokenValidationParameters()
                {
                    // Reject tokens without exp and check it (ValidateLifetime defaults to true;
                    // ClockSkew defaults to 5 minutes).
                    RequireExpirationTime = true,
                    ValidateLifetime = true,
                    // No iss/aud are set at issue time in this walkthrough, so they cannot be checked.
                    // Set ValidIssuer/ValidAudience and enable these when tokens cross service boundaries.
                    ValidateIssuer = false,
                    ValidateAudience = false,
                    // A symmetric key can only verify HMAC algorithms, so tokens claiming
                    // "alg": "none" or RS256 fail signature validation here.
                    IssuerSigningKey = new SymmetricSecurityKey(key)
                };
                SecurityToken securityToken;
                ClaimsPrincipal principal = tokenHandler.ValidateToken(token,
                      parameters, out securityToken);
                return principal;
            }
            catch
            {
                return null;
            }
        }

        // Returns the user name carried in the token's Name claim, or null if the token is invalid.
        public static string ValidateToken(string token)
        {
            ClaimsPrincipal principal = GetPrincipal(token);
            if (principal == null)
                return null;
            // A failed cast throws InvalidCastException, not NullReferenceException; test with "as" instead.
            ClaimsIdentity identity = principal.Identity as ClaimsIdentity;
            if (identity == null)
                return null;
            Claim usernameClaim = identity.FindFirst(ClaimTypes.Name);
            return usernameClaim == null ? null : usernameClaim.Value;
        }
    }
}

Summary

In this article, I have explained JWT authentication and how it works. Thanks for reading!

#JSON #JWT #WEB API #javascript #authentication