{"id":22946,"date":"2024-03-16T00:36:48","date_gmt":"2024-03-16T00:36:48","guid":{"rendered":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/"},"modified":"2024-03-22T00:05:32","modified_gmt":"2024-03-22T00:05:32","slug":"what-is-the-principle-behind-jwt-verification","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/","title":{"rendered":"What is the principle behind JWT verification?"},"content":{"rendered":"<p>The principle of JWT (JSON Web Token) authentication is to use a token based on JSON objects to verify user identity and permissions. JWT consists of three parts: header, payload, and signature.<\/p>\n<ol>\n<li>Header: Contains the type of token and the signature algorithm. Typically represented in JSON, for example: {&#8220;alg&#8221;: &#8220;HS256&#8221;, &#8220;typ&#8221;: &#8220;JWT&#8221;}.<\/li>\n<li>Payload: contains information about the user, such as user ID, username, role, and can also include custom information. It is commonly represented in JSON format, for example: {&#8220;userId&#8221;: 123456, &#8220;username&#8221;: &#8220;john.doe&#8221;, &#8220;role&#8221;: &#8220;admin&#8221;}.<\/li>\n<li>Signature: A cryptographic signature generated by encrypting the header, payload, and key. Used to verify the integrity and authenticity of a token. Signatures are typically encrypted using a key, such as the HMAC-SHA256 encryption algorithm.<\/li>\n<\/ol>\n<p>The verification process of JWT is as follows:<\/p>\n<ol>\n<li>The client sends a request to the server with their username and password when logging in.<\/li>\n<li>The server verifies if the username and password are correct, if so, generates a JWT token and returns it to the client.<\/li>\n<li>After receiving the JWT token, the client stores it locally, for example in localStorage or a cookie.<\/li>\n<li>In subsequent requests, the client will send the JWT token to the server by placing it in the request header (usually the Authorization header).<\/li>\n<li>After receiving a request, the server retrieves the JWT token from the request header, and then decrypts and verifies the integrity and authenticity of the JWT token based on the key.<\/li>\n<li>After the server validation is passed, user identity and permissions are verified based on the information in the JWT token, and then the requested data is returned or the corresponding operation is executed.<\/li>\n<\/ol>\n<p>The principle of JWT verification involves passing tokens between the client and server to verify user identity and permissions, eliminating the need for the server to store user states, while also ensuring data security. However, it is important to note that if a JWT token is intercepted, anyone can use it to impersonate a user, so measures need to be taken to protect the security of JWT, such as encrypting communication with HTTPS, setting token expiration times, and carrying additional information in the token to enhance verification complexity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The principle of JWT (JSON Web Token) authentication is to use a token based on JSON objects to verify user identity and permissions. JWT consists of three parts: header, payload, and signature. Header: Contains the type of token and the signature algorithm. Typically represented in JSON, for example: {&#8220;alg&#8221;: &#8220;HS256&#8221;, &#8220;typ&#8221;: &#8220;JWT&#8221;}. Payload: contains information [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-22946","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>What is the principle behind JWT verification? - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is the principle behind JWT verification?\" \/>\n<meta property=\"og:description\" content=\"The principle of JWT (JSON Web Token) authentication is to use a token based on JSON objects to verify user identity and permissions. JWT consists of three parts: header, payload, and signature. Header: Contains the type of token and the signature algorithm. Typically represented in JSON, for example: {&#8220;alg&#8221;: &#8220;HS256&#8221;, &#8220;typ&#8221;: &#8220;JWT&#8221;}. Payload: contains information [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-16T00:36:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-22T00:05:32+00:00\" \/>\n<meta name=\"author\" content=\"Benjamin Taylor\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:site\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Benjamin Taylor\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/\"},\"author\":{\"name\":\"Benjamin Taylor\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/ac801fe9549a25960ce48aa2e0a691c9\"},\"headline\":\"What is the principle behind JWT verification?\",\"datePublished\":\"2024-03-16T00:36:48+00:00\",\"dateModified\":\"2024-03-22T00:05:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/\"},\"wordCount\":366,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/\",\"name\":\"What is the principle behind JWT verification? - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\"},\"datePublished\":\"2024-03-16T00:36:48+00:00\",\"dateModified\":\"2024-03-22T00:05:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.silicloud.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is the principle behind JWT verification?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"name\":\"Silicon Cloud Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\",\"name\":\"Silicon Cloud Blog\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"contentUrl\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"width\":1024,\"height\":1024,\"caption\":\"Silicon Cloud Blog\"},\"image\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\",\"https:\/\/twitter.com\/SiliCloudGlobal\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/ac801fe9549a25960ce48aa2e0a691c9\",\"name\":\"Benjamin Taylor\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ec2e3d3e2d525fd148047c4520ae7c1cdccd1f4b48a1a488422b31f04f345c14?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ec2e3d3e2d525fd148047c4520ae7c1cdccd1f4b48a1a488422b31f04f345c14?s=96&d=mm&r=g\",\"caption\":\"Benjamin Taylor\"},\"url\":\"https:\/\/www.silicloud.com\/blog\/author\/benjamintaylor\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is the principle behind JWT verification? - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/","og_locale":"en_US","og_type":"article","og_title":"What is the principle behind JWT verification?","og_description":"The principle of JWT (JSON Web Token) authentication is to use a token based on JSON objects to verify user identity and permissions. JWT consists of three parts: header, payload, and signature. Header: Contains the type of token and the signature algorithm. Typically represented in JSON, for example: {&#8220;alg&#8221;: &#8220;HS256&#8221;, &#8220;typ&#8221;: &#8220;JWT&#8221;}. Payload: contains information [&hellip;]","og_url":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/","og_site_name":"Blog - Silicon Cloud","article_publisher":"https:\/\/www.facebook.com\/SiliCloudGlobal\/","article_published_time":"2024-03-16T00:36:48+00:00","article_modified_time":"2024-03-22T00:05:32+00:00","author":"Benjamin Taylor","twitter_card":"summary_large_image","twitter_creator":"@SiliCloudGlobal","twitter_site":"@SiliCloudGlobal","twitter_misc":{"Written by":"Benjamin Taylor","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/#article","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/"},"author":{"name":"Benjamin Taylor","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/ac801fe9549a25960ce48aa2e0a691c9"},"headline":"What is the principle behind JWT verification?","datePublished":"2024-03-16T00:36:48+00:00","dateModified":"2024-03-22T00:05:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/"},"wordCount":366,"commentCount":0,"publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/","url":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/","name":"What is the principle behind JWT verification? - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/#website"},"datePublished":"2024-03-16T00:36:48+00:00","dateModified":"2024-03-22T00:05:32+00:00","breadcrumb":{"@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-principle-behind-jwt-verification\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.silicloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What is the principle behind JWT verification?"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/blog\/#website","url":"https:\/\/www.silicloud.com\/blog\/","name":"Silicon Cloud Blog","description":"","publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.silicloud.com\/blog\/#organization","name":"Silicon Cloud Blog","url":"https:\/\/www.silicloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","contentUrl":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","width":1024,"height":1024,"caption":"Silicon Cloud Blog"},"image":{"@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SiliCloudGlobal\/","https:\/\/twitter.com\/SiliCloudGlobal"]},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/ac801fe9549a25960ce48aa2e0a691c9","name":"Benjamin Taylor","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/ec2e3d3e2d525fd148047c4520ae7c1cdccd1f4b48a1a488422b31f04f345c14?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ec2e3d3e2d525fd148047c4520ae7c1cdccd1f4b48a1a488422b31f04f345c14?s=96&d=mm&r=g","caption":"Benjamin Taylor"},"url":"https:\/\/www.silicloud.com\/blog\/author\/benjamintaylor\/"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/22946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/comments?post=22946"}],"version-history":[{"count":1,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/22946\/revisions"}],"predecessor-version":[{"id":56896,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/22946\/revisions\/56896"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/media?parent=22946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/categories?post=22946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/tags?post=22946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}