Adullam JWT Authentication
Adullam utilizes JSON Web Tokens (JWT) for stateless authentication, allowing secure transmission of information between parties as a JSON object. This documentation provides an overview of how to implement JWT authentication in your applications to interact with the Adullam platform.
JWT Structure
A JWT consists of three parts: Header, Payload, and Signature. These parts are separated by dots (.) and encoded in Base64Url format.
1. Header: Contains metadata about the token, including the type of token and the signing algorithm used.
2. Payload: Contains the claims, which are statements about an entity (typically, the user) and additional data.
3. Signature: Used to verify the token's integrity and authenticity.
Generating a JWT
To generate a JWT for Adullam authentication, follow these steps:
1. Create the Header and Payload as JSON objects.
2. Encode the Header and Payload using Base64Url encoding.
3. Create the Signature by signing the encoded Header and Payload with your secret key using the specified algorithm.
4. Concatenate the encoded Header, Payload, and Signature with dots (.) to form the complete JWT.
Using JWT for Authentication
Include the generated JWT in the Authorization header of your HTTP requests to the Adullam REST API. The header should be formatted as follows:
Replace YOUR_JWT_TOKEN with the actual JWT you generated.
Validating JWTs
When receiving a JWT, validate it by:
1. Decoding the token to extract the Header, Payload, and Signature.
2. Verifying the Signature using the same algorithm and secret key used to sign the token.
3. Checking the token's expiration time and other claims to ensure it is still valid.
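The generation and validation steps above, as an added example that is not Adullam's own code. It assumes HS256 (HMAC-SHA256) as the signing algorithm, because this page does not name one, and `sign` and `verify` are hypothetical helper names.

```python
import base64
import hashlib
import hmac
import json
import time

ALG = "HS256"  # assumption: the page does not state which algorithm Adullam expects

def b64url(data: bytes) -> str:
    # Base64Url without "=" padding, the form used for JWT segments
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def sign(claims: dict, secret: bytes) -> str:
    header = {"alg": ALG, "typ": "JWT"}
    # Steps 1-2: JSON objects, each Base64Url-encoded
    h64, p64 = (b64url(json.dumps(part, separators=(",", ":")).encode())
                for part in (header, claims))
    # Step 3: sign "<header>.<payload>" with the secret key
    sig = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    # Step 4: join the three segments with dots
    return f"{h64}.{p64}.{b64url(sig)}"

def verify(token: str, secret: bytes, now=None) -> dict:
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        sig = b64url_decode(s64)
    except ValueError as exc:  # wrong segment count, bad Base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; a header saying "none" or
    # anything else is rejected instead of being allowed to pick the check.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))  # parsed only after the signature holds
    exp = claims.get("exp") if isinstance(claims, dict) else None
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or current >= exp:
        raise ValueError("expired or missing exp")
    return claims
```

The `now` parameter exists only so the expiry check can be exercised with a fixed clock; production callers leave it unset.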
Best Practices
- Use strong secret keys for signing JWTs to enhance security.
- Regularly rotate your secret keys and invalidate old tokens as necessary.
- Limit the lifespan of JWTs by setting appropriate expiration times.