JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

Scenario

  • Authentication
  • Message Exchange

Structure

💡Three Base64Url-encoded strings separated by dots (.)

  • Header
  • Payload
  • Signature

Common Header

  • “typ” (Type)
  • “alg” (Algorithm)
  • “kid” (Key ID)

Common Claim

  • “iss” (Issuer)
  • “sub” (Subject)
  • “aud” (Audience)
  • “exp” (Expiration Time)
  • “nbf” (Not Before)
  • “iat” (Issued At)
  • “jti” (JWT ID)

Common Signature Algorithm

  • HS256(384, 512)
  • RS256(384, 512)
  • ES256(384, 512)
  • none
    • unsigned, so the token needs extra encryption

Example

Header

{
  "alg": "HS256",
  "typ": "JWT"
}

💡Encoded Header: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

Payload

{
  "iss": "RandX",
  "iat": 1732346623
}

💡Encoded Payload: eyJpc3MiOiJSYW5kWCIsImlhdCI6MTczMjM0NjYyM30

Signature: Vz6X8CiBBR42_-a7BB66JEIYHwFYLY3nIGA8gk3_CGs

💡Secret key: RandX829

💡Algorithm: HS256

Final JWT

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJSYW5kWCIsImlhdCI6MTczMjM0NjYyM30.Vz6X8CiBBR42_-a7BB66JEIYHwFYLY3nIGA8gk3_CGs
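The example above, worked through in Python with only the standard library (added here, not code from the original page): it reproduces the encoded header and payload, signs with the page's secret RandX829, and verifies on the receiving side with the algorithm pinned to HS256 so that an "alg": "none" header or a tampered payload is rejected. The `now` parameter is an assumption added to make the exp/nbf check testable.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

def b64url(data: bytes) -> str:
    """Base64Url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def encode_part(obj: dict) -> str:
    # Compact separators: the page's encoded header/payload contain no whitespace.
    return b64url(json.dumps(obj, separators=(",", ":")).encode())

def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    signing_input = f"{encode_part(header)}.{encode_part(payload)}"
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"

def verify_hs256(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the token is valid, otherwise None.
    The algorithm is pinned server-side: the header's 'alg' never selects the
    verification method, which is what blocks 'none' and key-confusion tokens."""
    try:
        h_b64, p_b64, s_b64 = token.split(".")
        header = json.loads(b64url_decode(h_b64))
        signature = b64url_decode(s_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return None
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time compare
        return None
    payload = json.loads(b64url_decode(p_b64))
    now = int(time.time()) if now is None else now
    if "exp" in payload and now >= payload["exp"]:
        return None
    if "nbf" in payload and now < payload["nbf"]:
        return None
    return payload

if __name__ == "__main__":
    tok = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"iss": "RandX", "iat": 1732346623}, b"RandX829")
    print(tok)
    print(verify_hs256(tok, b"RandX829"))
```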

Ref