JWT (JSON Web Token) is a JSON-based standard for credential access (RFC 7519). The token contains access claims. For
What is JWT structure?
Typically JWT looks like:
xxxx.yyyy.zzzz
A JSON Web Token contains 3 elements: Header (xxxx), Payload (yyyy) and Signature (zzzz). Every part of the token is Base64 URL encoded.
Header
{
"typ":"JWT",
"alg":"HS256"
}
The header contains information about the token type and signature algorithm. Property “
Payload
The payload contains user “claims”. These can be user data or access options. You can add as many options as you want. Because the payload is only encoded, not encrypted, anyone who holds the token can read it.
Signature
The signature is used to verify the token data. The algorithm to create the signature is:
1. Calculate the Base64 URL encoded header and payload.
2. Concatenate the encoded header and payload with “.”.
3. Compute the signature with your secret and the string from step 2.
4. Get the Base64 URL encoded string of the result from step 3.
How does it work?

The picture above shows an example of JWT usage. The sign-in step can use a username and password, Windows authentication, an external API such as Facebook or Google, or some other method of our choosing. The authentication server sends
successfully validates the token, it processes the call.