CBOR Web Tokens (CWTs)

Let’s meet JWT’s cousin :)

SecurityGOAT
2 min read · Jul 23, 2021

Heard of JWT tokens? I am sure you have! If not, then please check out this introductory post from Auth0 folks.

Today, I am more interested and excited to talk about JWT’s more compact cousin: the CWT, or CBOR (Concise Binary Object Representation) Web Token!

Brothers standing together: JWT (left) and CWT (right)

What’s CBOR?

According to the specification:

The Concise Binary Object Representation (CBOR) is a data format whose design goals include the possibility of extremely small code size, fairly small message size, and extensibility without the need for version negotiation.

In short, CBOR is supposed to provide a data exchange format that is compact!

Why CBOR?

Why another data encoding format though? Isn’t JSON enough?

NO! JSON is good, but it is still not as compact as it could be. For low-powered devices such as IoT devices, which have little processing power, it becomes quite important to have compact messages. And that’s where CBOR stands out!

It follows the JSON data model and provides datatypes such as numbers, strings, arrays, maps (called objects in JSON), and a few values such as false, true and null.

In addition to that, it embraces the binary format and uses bits to encode information. And since computers love binary and love to work in that, CBOR has an added advantage over JSON in that case.

JSON is designed to be a flexible data exchange format that’s human-friendly, whereas CBOR is a binary format making it quite machine-friendly, especially good for the appetite of low-powered IoT devices!

Use Case for CWT

Now, as you can imagine, CWT having this super-power of being highly compact, embracing the binary format, it saves a lot of bytes and can be easily processed by low-powered devices and machines, making CWTs a more suitable authorization mechanism!

Since it’s just an encoding format and the underlying data (that is, the claims encoding the permissions for an entity) can still stay the same, CWTs offer the same level of security as JWTs, just reducing the power consumption!
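To make the size difference concrete, here is an added example (not code from the original post): a minimal encoder for the JSON-like subset of CBOR, used to compare the byte size of the same claims as compact JSON, as CBOR with text keys, and as CBOR with the integer claim keys that RFC 8392 registers for CWT. The claim values are constructed samples, and the sketch encodes only the claims set; a real CWT additionally wraps it in a COSE signing or MAC structure, which is not shown.

```python
import json
import struct

def _head(major, n):
    """Initial byte: 3-bit major type + 5-bit argument info, then the argument."""
    if n < 24:                      # small values live inside the initial byte
        return bytes([major << 5 | n])
    for info, fmt, limit in ((24, ">B", 1 << 8), (25, ">H", 1 << 16),
                             (26, ">I", 1 << 32), (27, ">Q", 1 << 64)):
        if n < limit:
            return bytes([major << 5 | info]) + struct.pack(fmt, n)
    raise ValueError("integer does not fit in 64 bits")

def cbor_encode(obj):
    """Encode the JSON-like subset of CBOR (RFC 8949); no floats, no tags."""
    if obj is False:
        return b"\xf4"
    if obj is True:
        return b"\xf5"
    if obj is None:
        return b"\xf6"
    if isinstance(obj, int):        # major 0 = unsigned, major 1 = negative
        return _head(0, obj) if obj >= 0 else _head(1, -1 - obj)
    if isinstance(obj, bytes):      # major 2 = byte string (no JSON equivalent)
        return _head(2, len(obj)) + obj
    if isinstance(obj, str):        # major 3 = UTF-8 text string
        raw = obj.encode("utf-8")
        return _head(3, len(raw)) + raw
    if isinstance(obj, (list, tuple)):  # major 4 = array
        return _head(4, len(obj)) + b"".join(cbor_encode(x) for x in obj)
    if isinstance(obj, dict):       # major 5 = map; keys may be integers
        return _head(5, len(obj)) + b"".join(
            cbor_encode(k) + cbor_encode(v) for k, v in obj.items())
    raise TypeError(f"unsupported type: {type(obj).__name__}")

# Constructed sample claims (not from the post).
JWT_CLAIMS = {"iss": "as.example", "sub": "sensor-17", "exp": 1700000000}
# RFC 8392 registers integer keys for the same claims: iss=1, sub=2, exp=4.
CWT_CLAIMS = {1: "as.example", 2: "sensor-17", 4: 1700000000}

def claim_sizes():
    """Byte sizes: compact JSON, CBOR with text keys, CBOR with CWT integer keys."""
    as_json = json.dumps(JWT_CLAIMS, separators=(",", ":")).encode()
    return len(as_json), len(cbor_encode(JWT_CLAIMS)), len(cbor_encode(CWT_CLAIMS))

if __name__ == "__main__":
    print(claim_sizes())  # (55, 39, 30)
    print(cbor_encode(CWT_CLAIMS).hex())
```

Most of the saving comes from two places: the timestamp takes 5 bytes instead of 10 ASCII digits, and the integer claim keys take 1 byte each instead of a quoted three-letter name.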

Conclusion

So that was it for a short introduction of CBOR and CWTs and I hope you learnt something interesting today!

I know this post just touches the surface of the comparison between JWTs and CWTs and you really want to see the cousin, and therefore I have planned 2–3 more posts on it, covering all the aspects of CWTs and the CBOR format in more depth, and also talking about the security considerations of using CWTs!

Btw if you are enjoying my work and would like to support me, then please check out my Patreon page or you can Buy Me A Coffee.

See ya!
Until next time, keep learning and keep hacking.
