Python/Flask JWT Project Implementation Overview

Python/Flask JWT Project Backend Implementation Overview (flask_portfolio)

Introduction to JWT

What is JWT? - Stands for JSON Web Token - Compact, URL-safe means of representing claims between two parties - Commonly used for authentication and information exchange in web development

Example (Login)

Encoded JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

• Result of applying Base64Url encoding to the JWT’s header, payload, and signature
  • String of three parts concatenated with dots: encoded header, payload, and signature
  • Purpose: makes JWT compact, URL-sage, and easy to transmit over networks
• Compact, used for transmission

Decoded JWT: { “sub”: “1234567890”, “name”: “John Doe”, “iat”: 1516239022 }

• Result of decoding the header, payload, and signature from Base64Url encoded JWT
  • Reveals contents of JWT/human-readable, reveals content of the token
• Contains information such as user identity, expiration time, and other relevant information/data
  • Information shown as “sub” essentially represents the time at which the information was registered
  • Information shown as “iat” represents the time at which the information will expire
  • “name” is just User ID

Cookies

• HTTP Cookies: pieces of information/data that a web server sends to a user’s browser and are stored on a user’s device
  • Sent back to server with each request (interaction with sites that require fetching server data) → server can recognize user session, maintain session info, and store user preferences
  • Cookies can store authentication tokens to keep a user authenticated as they navigate through a site (server)

Tokens

Elaboration on JWT + Cookies…

• Created when information is registered (session identifier)
  • Ex: when a user inputs data in a login
  • Session identifier often stored as a Token on the client side, either as an HTTP Cookie or in local storage
  • Tokens store user data
• Relation to Cookies → session Token is sent with each subsequent request from client to server, typically in the form of an HTTP Cookie
• Authentication → with JWT, the server verifies a signature given to the JWT to ensure authenticity and bases the user’s authenticity based on whether or not the signature is valid therefore trusted

Anatomy of Python Flask Review (flask_portfolio)

• main.py: the Python source file that’s used to run your project
  • Use this file to run, test, and debug your project
• Dockerfile and docker-compose.yml: files used to run and test your project in Docker container
  • Simulate the project’s deployment on a server, such as with AWS
  • Use this to ensure correct project functionality across different machines
• instances: base location for storing data files that you want to remain on the server
  • Files stored here stay after web application restarts, so everything outside of this file will be recreated when restarting
• static: base location for files that you want to be stored and hidden (cached) by the web server
  • Typically used for image or JavaScript files that remain constant when executing the web server
• api: contains code that receives and responds to requests from external servers
  • The interface between the external world and the logic and code in the rest of your project
• model: contains files that implement the backend functionality for many of the files in the api directory (ex: direct interaction with the database)
• templates: contains files and subdirectories used to support home + error pages of your project’s site

Python/Flask JWT Project Backend Implementation Overview (flask_portfolio)

Introduction to JWT

What is JWT? - Stands for JSON Web Token - Compact, URL-safe means of representing claims between two parties - Commonly used for authentication and information exchange in web development

Example (Login)

Encoded JWT:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

• Result of applying Base64Url encoding to the JWT’s header, payload, and signature
  • String of three parts concatenated with dots: encoded header, payload, and signature
  • Purpose: makes JWT compact, URL-sage, and easy to transmit over networks
• Compact, used for transmission

Decoded JWT: { “sub”: “1234567890”, “name”: “John Doe”, “iat”: 1516239022 }

• Result of decoding the header, payload, and signature from Base64Url encoded JWT
  • Reveals contents of JWT/human-readable, reveals content of the token
• Contains information such as user identity, expiration time, and other relevant information/data
  • Information shown as “sub” essentially represents the time at which the information was registered
  • Information shown as “iat” represents the time at which the information will expire
  • “name” is just User ID

Cookies

• HTTP Cookies: pieces of information/data that a web server sends to a user’s browser and are stored on a user’s device
  • Sent back to server with each request (interaction with sites that require fetching server data) → server can recognize user session, maintain session info, and store user preferences
  • Cookies can store authentication tokens to keep a user authenticated as they navigate through a site (server)

Tokens

Elaboration on JWT + Cookies…

• Created when information is registered (session identifier)
  • Ex: when a user inputs data in a login
  • Session identifier often stored as a Token on the client side, either as an HTTP Cookie or in local storage
  • Tokens store user data
• Relation to Cookies → session Token is sent with each subsequent request from client to server, typically in the form of an HTTP Cookie
• Authentication → with JWT, the server verifies a signature given to the JWT to ensure authenticity and bases the user’s authenticity based on whether or not the signature is valid therefore trusted

Anatomy of Python Flask Review (flask_portfolio)

• main.py: the Python source file that’s used to run your project
  • Use this file to run, test, and debug your project
• Dockerfile and docker-compose.yml: files used to run and test your project in Docker container
  • Simulate the project’s deployment on a server, such as with AWS
  • Use this to ensure correct project functionality across different machines
• instances: base location for storing data files that you want to remain on the server
  • Files stored here stay after web application restarts, so everything outside of this file will be recreated when restarting
• static: base location for files that you want to be stored and hidden (cached) by the web server
  • Typically used for image or JavaScript files that remain constant when executing the web server
• api: contains code that receives and responds to requests from external servers
  • The interface between the external world and the logic and code in the rest of your project
• model: contains files that implement the backend functionality for many of the files in the api directory (ex: direct interaction with the database)
• templates: contains files and subdirectories used to support home + error pages of your project’s site