JWT

Description

JWT: JSON Web Token, an open standard for carrying authentication and authorization claims, consisting of three parts: Header, Payload, and Signature.
1. The Header typically consists of the token type and the signing algorithm used.
2. The Payload primarily records the simple, non-sensitive claims we store; it is only Base64URL-encoded, not encrypted, so anyone holding the token can read it. JWT defines 7 official (registered) fields:
  • iss (Issuer): The entity issuing the JWT
  • sub (Subject): The subject of the JWT, i.e., the user the JWT is intended for
  • aud (Audience): The recipients of the JWT
  • exp (Expiration Time): The time after which the JWT expires, in UNIX timestamp format
  • nbf (Not Before): Defines the time before which the JWT must not be accepted for processing
  • iat (Issued At): The time at which the JWT was issued, in UNIX timestamp format
  • jti (JWT ID): The unique identifier for the JWT, used to prevent replay attacks
3. The Signature is produced by Base64URL-encoding the Header and the Payload, joining them with a period, and signing that string with the algorithm named in the header (e.g., HS256) and a secret key, as follows: HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret). The verifier recomputes this value and compares it with the third segment of the token; any change to the header or payload invalidates the signature.