xxx => Header: consists of 2 parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA.
This JSON is then Base64Url encoded to form the first part of the JWT.
yyy => Payload: contains the claims. Claims are statements about an entity (typically, the user) and additional data. There are 3 types of claims: registered, public and private claims.
Registered claims: a set of predefined claims which are not mandatory but recommended: iss (issuer), exp (expiration time), sub (subject), aud (audience).
Public claims: these can be defined at will by those using JWTs, but to avoid collisions they should be defined in the IANA JSON Web Token Registry or be defined as a URI that contains a collision-resistant namespace.
Private claims: these are custom claims created to share information between parties that agree on using them.
"name": "John Doe",
zzz => Signature: to create the signature part you have to take the encoded header, the encoded payload, a secret, the algorithm specified in the header, and sign that.
base64UrlEncode(header) + “.” +
Application (Client) => 1) Authorization Server 2) => Application (Client) => 3) API Resource Server
The client application requests authorization from the authorization server. This is performed through one of the different authorization flows hereunder:
The Authorization Code Flow goes through the following steps.
Client prepares an Authentication Request containing the desired request parameters.
Client sends the request to the Authorization Server.
Authorization Server Authenticates the End-User.
Authorization Server obtains End-User Consent/Authorization.
Authorization Server sends the End-User back to the Client with an Authorization Code.
Client requests a response using the Authorization Code at the Token Endpoint.
Client receives a response that contains an ID Token and Access Token in the response body.
Client validates the ID Token and retrieves the End-User’s Subject Identifier.
When the authorization is granted, the authorization server returns an access token to the application.
The application uses the access token to access a protected resource (like an API).
Information in signed tokens is exposed to users and/or other parties, even though they can’t change it. Secret information shouldn’t be stored within the token.
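The signature construction and the exposure point above, as an added example (not code from the original notes): a minimal HS256 sign and verify in Python using only the standard library. The function names, the sample claims and the secret are constructed for illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    # Base64Url without "=" padding, as used for each JWT part
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def hs256_mac(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: bytes) -> str:
    # xxx.yyy.zzz = encoded header . encoded payload . signature over both
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(hs256_mac(signing_input, secret))

def read_unverified(token: str) -> dict:
    # No secret involved: the payload is encoded, not encrypted
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, secret: bytes) -> dict:
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # The header comes from the sender, so pin the algorithm we accept
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Constant-time comparison against the recomputed signature
    if not hmac.compare_digest(sig, hs256_mac(f"{head_b64}.{body_b64}", secret)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))

if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    token = sign_hs256({"sub": "1234567890", "name": "John Doe"}, secret)
    print(token)
    print(read_unverified(token))        # readable by anyone holding the token
    print(verify_hs256(token, secret))   # accepted only with the right secret
```

read_unverified needs no key at all, which is why secrets do not belong in the payload; verify_hs256 rejects any token whose payload was changed after signing.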
1) configure the PATH in .bash_profile:
    nano .bash_profile
    export PATH="$PATH:/Users/drini/bin:/usr/local/bin:/usr/local/sbin:/usr/local/mysql/bin"
You need to re-open the terminal for the change to take effect.
2) install Xcode because we need to use the GCC compiler:
    xcode-select --install
Check that gcc is installed by executing:
    gcc -v
3) install the package manager for OS X called Homebrew from https://brew.sh/
– check the installation with the following commands:
    brew doctor
    brew update
– please reopen the terminal in order for the changes to take effect
4) install or verify that Ruby is installed through Homebrew (with RVM or rbenv):
    ruby -v
    brew install rbenv
    vi .bash_profile
and add the following line:
    eval "$(rbenv init -)"
– if you want to avoid restarting the terminal you can run:
    source ~/.bash_profile
    rbenv install --list
    rbenv install 2.5.0
    rbenv rehash
    rbenv versions
    ruby -v
    rbenv global 2.5.0
5) install RubyGems and the gem called Rails:
    gem -v
    gem update --system
    gem install rails
6) install MySQL with Homebrew:
    brew install mysql
    brew services start mysql
    mysql_secure_installation
    mysql -uroot -p
    gem install mysql2
7) install the web server nginx (puma can be an alternative):
    brew install nginx
    sudo nginx
    sudo nginx -s stop
    sudo nginx
– Testing: open it in a browser by going to the URL http://localhost:8080
– Configuration: the default location of nginx.conf on Mac after installing with brew is:
8) text editors, IDEs and other business
– Atom, Sublime, TextMate, RubyMine, Eclipse, NetBeans
9) create the project, create the databases and manage projects:
    mkdir Sites
    cd Sites
    rails new demo_site -d mysql
    rbenv local 2.5.0
    mysql -u root -p
    CREATE DATABASE demo_site_dev;
    CREATE DATABASE demo_site_test;
    GRANT ALL PRIVILEGES ON demo_site_dev.* TO 'demo_user'@'localhost' IDENTIFIED BY 'demoPass';
    GRANT ALL PRIVILEGES ON demo_site_test.* TO 'demo_user'@'localhost' IDENTIFIED BY 'demoPass';
    rails db:schema:dump
    rails server
First of all you can obtain the certificate from the following address
It is strongly recommended to use Internet Explorer.
When you receive the certificate as name.cer you need to convert it before creating the digital identity in Outlook, so install the certificate in Firefox and back it up as a certificate in name.p12 format.
> Open Outlook and click the File tab in the ribbon. On the left hand menu list, click Options > Trust Center > Trust Center Settings… button. A window named Trust Center will appear. Click E-mail Security (on the left).
Choose Import existing Digital ID from a file, click Browse and select the file backed up from Mozilla Firefox earlier.
> Once this is done you should check the options for the Signing Certificate