Small Overview of JSON web token

Ahin Das
Oct 17, 2021

by Ahin Subhra Das

A JSON Web Token (JWT) is a JSON object used to securely transfer information over the web between two parties. It is defined by an open Internet standard (RFC 7519) for securely transmitting trusted information between parties in a compact way. It can be used for an authentication system and can also be used for information exchange. The token is mainly composed of a header, a payload and a signature. These three parts are separated by dots (.).

JWT defines the structure of the information we are sending from one party to another. JWT comes in two forms: serialized and deserialized. The serialized form is mainly used to transfer the data through the network with each request and response, while the deserialized form is used to read and write data to the web token.

A JWT consists of 3 strings separated by periods: the header, the payload, and the signature. What follows is an example JWT made of these 3 parts.

Header: The JWT header contains metadata about the token in JSON format. Two fields present in the header are alg and typ. 'alg' specifies the algorithm used to sign the token when generating the signature, which we will talk about in a moment. 'typ' specifies the type of the token, which is 'JWT'.

{ "alg": "HS256", "typ": "JWT" }

Payload: The payload of a JWT stores information about the token and any other entity in JSON format. Usually, a JWT used for authentication stores some crucial information about the user, such as the user ID and user role.

{ "sub": "12345", "name": "Ahin Das", "admin": false }

Signature: The last part of a JWT, the signature, is a Message Authentication Code used to verify that the token was not modified, and was not generated by anyone other than the authorized application servers.

HMACSHA256( base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

Once the header, payload and signature are put together, the token can be used in the Authorization header.
