This is quoted from here link.
The following example JOSE Header declares that the encoded object is a JSON Web Token (JWT) and the JWT is a JWS that is MACed using the HMAC SHA-256 algorithm:
{"typ":"JWT",
 "alg":"HS256"}
To remove potential ambiguities in the representation of the JSON object above, the octet sequence for the actual UTF-8 representation used in this example for the JOSE Header above is also included below. (Note that ambiguities can arise due to differing platform representations of line breaks (CRLF versus LF), differing spacing at the beginning and ends of lines, whether the last line has a terminating line break or not, and other causes. In the representation used in this example, the first line has no leading or trailing spaces, a CRLF line break (13, 10) occurs between the first and second lines, the second line has one leading space (32) and no trailing spaces, and the last line does not have a terminating line break.) The octets representing the UTF-8 representation of the JOSE Header in this example (using JSON array notation) are:
[123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10, 32, 34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125]
Base64url encoding the octets of the UTF-8 representation of the JOSE Header yields this Encoded JOSE Header value:
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
The following is an example of a JWT Claims Set:
{"iss":"joe",
 "exp":1300819380,
 "http://example.com/is_root":true}
The following octet sequence, which is the UTF-8 representation used in this example for the JWT Claims Set above, is the JWS Payload:
[123, 34, 105, 115, 115, 34, 58, 34, 106, 111, 101, 34, 44, 13, 10, 32, 34, 101, 120, 112, 34, 58, 49, 51, 48, 48, 56, 49, 57, 51, 56, 48, 44, 13, 10, 32, 34, 104, 116, 116, 112, 58, 47, 47, 101, 120, 97, 109, 112, 108, 101, 46, 99, 111, 109, 47, 105, 115, 95, 114, 111, 111, 116, 34, 58, 116, 114, 117, 101, 125]
Base64url encoding the JWS Payload yields this encoded JWS Payload (with line breaks for display purposes only):
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly
9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ
Computing the MAC of the encoded JOSE Header and encoded JWS Payload with the HMAC SHA-256 algorithm and base64url encoding the HMAC value in the manner specified in [JWS], yields this encoded JWS Signature:
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
Concatenating these encoded parts in this order with period (‘.’) characters between the parts yields this complete JWT (with line breaks for display purposes only):
eyJ0eXAiOiJKV1QiLA0KICJhbGciOiJIUzI1NiJ9
.
eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly9leGFt
cGxlLmNvbS9pc19yb290Ijp0cnVlfQ
.
dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk
This computation is illustrated in more detail in Appendix A.1 of [JWS]. See Appendix A.1 for an example of an encrypted JWT.
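The encoding steps above can be checked directly. The following Node.js code is an added example, not part of the quoted specification or of any library: it rebuilds the Encoded JOSE Header from the listed octets, shows that re-serializing the same JSON gives a different encoding, and verifies an HS256 token over the received segments. `DEMO_KEY` and the function names are assumptions made here; the key behind the signature shown above is given in [JWS], not on this page.

```javascript
const crypto = require('crypto');

// Octets of the JOSE Header exactly as listed above (CRLF and a space after the comma).
const HEADER_OCTETS = [123, 34, 116, 121, 112, 34, 58, 34, 74, 87, 84, 34, 44, 13, 10,
  32, 34, 97, 108, 103, 34, 58, 34, 72, 83, 50, 53, 54, 34, 125];
const PAYLOAD_B64 = 'eyJpc3MiOiJqb2UiLA0KICJleHAiOjEzMDA4MTkzODAsDQogImh0dHA6Ly' +
  '9leGFtcGxlLmNvbS9pc19yb290Ijp0cnVlfQ';
const DEMO_KEY = 'constructed-demo-key'; // constructed for this example, not the [JWS] key

const b64url = (data) => Buffer.from(data).toString('base64url');

// Same JSON object, re-serialized: the CRLF and space are lost, so the
// base64url text (and therefore any MAC computed over it) is different.
function reencodedHeader() {
  const json = Buffer.from(HEADER_OCTETS).toString('utf8');
  return b64url(JSON.stringify(JSON.parse(json)));
}

// JWS signing input is ASCII(encoded header + '.' + encoded payload).
function signHS256(headerB64, payloadB64, key) {
  const mac = crypto.createHmac('sha256', key).update(headerB64 + '.' + payloadB64).digest();
  return headerB64 + '.' + payloadB64 + '.' + b64url(mac);
}

// Verify over the segments as received; never rebuild them from parsed JSON.
// Returns the claims, or null on any failure. Claims such as exp are left to the caller.
function verifyHS256(token, key) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  let alg;
  try {
    alg = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8')).alg;
  } catch (e) {
    return null;
  }
  if (alg !== 'HS256') return null; // pin the algorithm; reject "none" and others
  const expected = crypto.createHmac('sha256', key).update(parts[0] + '.' + parts[1]).digest();
  const got = Buffer.from(parts[2], 'base64url');
  // Length check first: timingSafeEqual throws on buffers of unequal length.
  if (got.length !== expected.length || !crypto.timingSafeEqual(got, expected)) return null;
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}
```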
Implementation
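The following code uses jsonwebtoken.js to generate and verify a JWT in Node.js:

var jwt = require('jsonwebtoken');

// Demo secret only. With a string secret, jwt.sign() defaults to HS256.
var secret = 'this is the kez';
var token = jwt.sign({ foo: 'bar' }, secret);
console.log(token);

// With a callback, jwt.verify() delivers the result to the callback
// instead of returning it. Pin the accepted algorithm explicitly.
jwt.verify(token, secret, { algorithms: ['HS256'] }, inValidProcess);

function inValidProcess(err, decoded) {
  if (err) {
    console.log('token invalid: ' + err);
  } else {
    console.log(decoded);
  }
}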
For Java, we can use the following Maven dependency:

<dependency>
  <groupId>com.auth0</groupId>
  <artifactId>java-jwt</artifactId>
  <version>2.0.1</version>
</dependency>
Java code:
import com.auth0.jwt.JWTSigner;
import com.auth0.jwt.JWTVerifier;

import java.security.SignatureException;
import java.util.HashMap;
import java.util.Map;

/**
 * Created by pli on 4/17/2015.
 */
public class App {
    public static void main(String[] args) {
        try {
            // Generate a token
            Map<String, Object> payload = new HashMap<String, Object>();
            payload.put("name", "pli");
            payload.put("age", "27");
            payload.put("ok", "ok");
            JWTSigner signer = new JWTSigner("local key");
            String token = signer.sign(payload);
            System.out.println("token:" + token);

            // Verify a token and get the payload
            JWTVerifier verifier = new JWTVerifier("local key");
            payload = verifier.verify(token);
            System.out.println("payload:" + payload);
        } catch (SignatureException e) {
            // The signature did not match the token contents
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}