Let's talk about JWT
07-14, 16:05–16:35 (Europe/Dublin), Wicklow Hall 1

JSON Web Tokens, or JWTs for short, are all over the web. They can be used to track bits of information about a user in a very compact way and can be used in APIs for authorization purposes. Join me and learn what JWTs are, what problems they solve, how you can use them, and how to be safer when using JWTs in your applications.


JSON Web Tokens have come to dominate the way we give access to APIs and how we carry data from users, but to use JWTs safely we need to understand how they came to life and how they can be useful.
In this talk we will take a closer look at the famous three-part structure that forms a JSON Web Token, and the claims each JWT can carry.
But knowing their history and structure is not enough; we also need to understand the algorithms used in creating a token and how you can use JWTs as access tokens or as ID tokens.
After understanding JWTs on a deeper level, we will create and validate a JWT together using the PyJWT library and discuss things you should avoid doing to be safer when using JWTs in your projects.

  1. How did JWT come to life? Talk about the JOSE specification;
  2. What actually is a JSON Web Token and its structure: header, payload, and signature;
  3. What is a claim and its standardization efforts;
  4. The different types of algorithms that can be used to create JWTs and what JWKs are;
  5. Let's create a token together using PyJWT;
  6. What is an access token and an ID token;
  7. Things to avoid to be safer with JWTs

Expected audience expertise (Domain): none

Expected audience expertise (Python): some

Abstract as a tweet

Learn what JWTs are, what problems they solve, how you can use JWTs, and how to be safer when using JWTs in your applications

Jessica Temporal is Senior Developer Advocate at Okta for Auth0. She is co-founder and co-host of Pizza de Dados, the first and most beloved Brazilian podcast about data science. Jessica is also part of the instructor team at Data Bootcamp and LinkedIn Learning. She is part of PyLadies Brazil, the Brazilian network that promotes and empowers women in technology. She is the creator of GitFichas, a collection of git study cards available in English and Portuguese. She was born in warm weather and keeps herself warm in the cold Brazilian south with sweaters she knits herself.