Token

JWT Token

HEADER

PAYLOAD

What is JWT?

JSON Web Token (JWT) is an open standard for securely transmitting information between parties as a JSON object. JWTs are commonly used for authentication and information exchange.

JWT Structure

A JWT consists of three parts separated by dots (header.payload.signature):

1. Header

Contains metadata about the token:

• typ: Token type (usually "JWT")

• alg: Signing algorithm (e.g., "HS256", "RS256")

2. Payload

Contains the actual data and claims:

• Registered claims (optional):

- iss (issuer): Who created the token

- sub (subject): Who the token is about

- exp (expiration time): When the token expires

- iat (issued at): When the token was created

• Public claims: Custom claims defined by the application

• Private claims: Custom claims agreed upon by parties

3. Signature

Verifies the token's authenticity and integrity using the header's algorithm and a secret key.