JWT Specifications
Technical details and specifications for JSON Web Tokens (JWT)
JSON Web Token (JWT)
JSON Web Token (JWT), specified in RFC 7519, is a compact, URL-safe means of representing claims to be transferred between two parties.
Structure
A JWT consists of three parts separated by dots (.), which are:
- Header - Typically consists of two parts: the type of the token (JWT) and the signing algorithm being used (e.g., HMAC SHA256 or RSA).
- Payload - Contains the claims. Claims are statements about an entity (typically, the user) and additional data.
- Signature - Created by taking the encoded header, the encoded payload, and a secret, and signing them with the algorithm specified in the header.
Example JWT
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Standard Claims
| Claim | Description |
|---|---|
| iss | Issuer of the JWT |
| sub | Subject of the JWT (the user) |
| aud | Audience of the JWT |
| exp | Expiration time |
| nbf | Not before time |
| iat | Issued at time |
| jti | JWT ID |
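
The three-part structure, the signature step and the standard claims described above, as an added example (not code from the original page): a minimal HS256 signer and verifier using only the Python standard library. The secret, the claim values and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(seg: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def sign_hs256(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token: str, secret: bytes, audience: str, now=None, leeway: int = 0) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm on the verifier side; never let the token choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # The signature covers the encoded header and payload exactly as received.
    expected = hmac.new(secret, f"{parts[0]}.{parts[1]}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    # Claims are only trusted after the signature has been checked.
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if "exp" in claims and now >= claims["exp"] + leeway:
        raise ValueError("token expired")
    if "nbf" in claims and now < claims["nbf"] - leeway:
        raise ValueError("token not yet valid")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims

# Constructed sample values (not from the page).
SECRET = b"constructed-demo-secret-not-for-production"
CLAIMS = {"iss": "https://issuer.example", "sub": "1234567890", "aud": "api.example",
          "iat": 1000, "nbf": 1000, "exp": 2000, "jti": "demo-1"}
TOKEN = sign_hs256(CLAIMS, SECRET)
```

The header and payload are only encoded, not encrypted, so anyone holding a token can read its claims with `b64url_decode`.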