JSON Web Tokens (JWTs) are a widely used, compact format for transmitting claims as a JSON object. They are commonly employed for authentication and authorization in web applications, particularly when interacting with APIs. A JWT is signed with a secret (HMAC) or a private key, so the server can verify that the claims have not been altered; note that a signed JWT is encoded, not encrypted, so anyone holding the token can read its payload. JWT-based authentication is especially beneficial in stateless architectures, where the token carries all the information the server needs to verify and authorize a request without a server-side session.
In most implementations, a client receives a JWT after successfully authenticating with a login endpoint. The token is then presented on subsequent requests to access protected resources, typically in the HTTP Authorization header as a Bearer token, so the client does not have to send its credentials on every request. Because whoever holds the token can use it, it should only travel over HTTPS. Each token contains encoded claims, which the server validates to grant or deny access to a resource. A JWT usually also carries an expiration time (the exp claim), after which it is rejected and must be renewed.
cURL provides a simple way to exercise JWT-based authentication from the command line. It lets you interact with an authentication server, retrieve a JWT, and include it in subsequent requests. With cURL you can script the whole flow: obtaining a token, refreshing it when it expires, and calling protected endpoints. The process consists of obtaining a JWT from the authentication server and attaching it to each API request using the Bearer scheme.
Steps to authenticate using JWT in cURL:
- Open your terminal.
- Authenticate with the server to obtain the JWT.
$ curl -d '{"username":"user", "password":"pass"}' -H "Content-Type: application/json" http://example.com/auth/login
{"token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"}
The command sends user credentials to the authentication server, which returns a JWT if the credentials are valid.
- Include the JWT in the Authorization header of your API request.
$ curl -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c" http://example.com/api/protected
Replace the sample token with the actual JWT obtained from your authentication endpoint.
- Use the Bearer schema to send the JWT.
The token must be prefixed with the word Bearer and a single space in the Authorization header; without that prefix the API will not recognize it as a bearer token and will reject the request.
- Check the Authorization header to verify the JWT is sent correctly.
$ curl -H "Authorization: Bearer <your_jwt_here>" http://example.com/api/protected -v
The -v option prints the outgoing request headers (the lines prefixed with >), so you can confirm that the Authorization header is present and correctly formed before looking at the response.
- Handle errors such as 401 Unauthorized or 403 Forbidden.
A 401 usually means the token is missing, malformed, expired, or its signature failed verification; a 403 means the token was accepted but the identity it carries is not permitted to access that resource. Ensure that the JWT is valid and that it carries the correct permissions for the resource being requested.
- Refresh the JWT when it expires by making a refresh request.
$ curl -d '{"refreshToken":"<your_refresh_token_here>"}' -H "Content-Type: application/json" http://example.com/auth/refresh
Replace the <your_refresh_token_here> placeholder with your actual refresh token. This request returns a new JWT once the previous one has expired.
- Automate these steps for regular API interactions.
Use scripting to streamline your authentication process in repeated API calls, especially when interacting with protected endpoints frequently.
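The following POSIX shell helpers tie the steps above into one reusable script. This is an added example, not code from the original article: the host http://example.com, the /auth/login, /auth/refresh and /api/protected paths, and the token and refreshToken JSON field names are taken from the article's sample commands, while the {"token":"..."} shape of the refresh response and the 30 second refresh margin are assumptions. It goes a little beyond the article by decoding the token's payload locally to read its exp claim, so the script can refresh proactively instead of waiting for a 401.

```shell
#!/bin/sh
# Added example, not code from the original article. The host, paths and JSON
# field names below are the article's sample values; the refresh response
# format and the 30 second skew margin are assumptions.
API_BASE="${API_BASE:-http://example.com}"

# base64url encoding as used by JWT segments: standard base64 with '+' -> '-',
# '/' -> '_' and the '=' padding removed. The tr sets are ordered '/+' so GNU
# tr does not mistake a leading '-' in the set for a command-line option.
jwt_b64url_encode() {
  printf '%s' "$1" | base64 | tr -d '\n=' | tr '/+' '_-'
}

# Reverse of the above: restore the standard alphabet and the padding, then
# hand the segment to the system base64 decoder.
jwt_decode_segment() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  while [ $(( ${#seg} % 4 )) -ne 0 ]; do seg="${seg}="; done
  printf '%s' "$seg" | base64 -d
}

# The second dot-separated segment of a JWT is the claims payload. It is only
# encoded, not encrypted, so any holder of the token can read it. Nothing here
# checks the signature; that remains the server's job.
jwt_payload() {
  jwt_decode_segment "$(printf '%s' "$1" | cut -d. -f2)"
}

# Pull a numeric claim such as exp or iat out of the payload. This is a
# deliberately minimal pattern match, not a JSON parser; it prints nothing
# when the claim is absent.
jwt_claim_number() {
  jwt_payload "$1" | sed -n "s/.*\"$2\":[[:space:]]*\([0-9][0-9]*\).*/\1/p"
}

# Pull a string field such as "token" out of a JSON response body.
json_string_field() {
  printf '%s' "$1" | sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Exit status 0 means "refresh before using this token": either exp is
# missing or it falls within SKEW seconds of the given time (default: now).
# Renewing slightly early avoids a needless 401 round trip when clocks drift.
SKEW=30
jwt_needs_refresh() {
  exp=$(jwt_claim_number "$1" exp)
  now=${2:-$(date +%s)}
  [ -z "$exp" ] && return 0
  [ "$exp" -le $(( now + SKEW )) ]
}

# Header value in the Bearer form the API expects: the word Bearer, one space,
# then the compact token.
bearer_header() {
  printf 'Authorization: Bearer %s' "$1"
}

# The network steps from the article, wrapped so a script can reuse them.
# -f makes curl exit non-zero on 401/403 instead of printing the error body,
# so callers can branch on the status. These are not run by the offline test.
login() {
  curl -sS -f -d "{\"username\":\"$1\",\"password\":\"$2\"}" \
    -H "Content-Type: application/json" "$API_BASE/auth/login"
}
refresh() {
  curl -sS -f -d "{\"refreshToken\":\"$1\"}" \
    -H "Content-Type: application/json" "$API_BASE/auth/refresh"
}
call_api() {
  curl -sS -f -H "$(bearer_header "$1")" "$API_BASE/api/protected"
}

# Typical loop: keep the access token fresh, then call the protected endpoint.
# Usage: TOKEN=$(ensure_fresh_token "$ACCESS_TOKEN" "$REFRESH_TOKEN"); call_api "$TOKEN"
ensure_fresh_token() {
  if jwt_needs_refresh "$1"; then
    json_string_field "$(refresh "$2")" token
  else
    printf '%s' "$1"
  fi
}
```

Source the file (or paste the functions into your script), run ACCESS_TOKEN=$(json_string_field "$(login user pass)" token) once, and then wrap each protected call in ensure_fresh_token. The local exp check is purely a client-side convenience; the server still verifies the signature and expiry on every request, and a token without an exp claim (like the article's sample) is treated as needing refresh rather than as valid forever.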
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.