About JSON Web Tokens (JWT)
JWTs are a compact, URL-safe means of representing claims to be transferred between two parties. They consist of three Base64url-encoded parts separated by dots: Header, Payload, and Signature.
JWT Structure
- Header — Contains the token type and signing algorithm (e.g., HS256, RS256)
- Payload — Contains the claims (data) such as user ID, expiration, etc.
- Signature — Used to verify the token hasn't been tampered with
Common Claims
- iss — Issuer
- sub — Subject (usually user ID)
- exp — Expiration time (Unix timestamp)
- iat — Issued at time
- aud — Audience