Json Web Token In a Nutshell - JWT 🔐

Ali Samir
Dec 21, 2023

In the vast landscape of web development and security, JSON Web Tokens (JWTs) have emerged as a compact and versatile solution for transmitting information between parties.

In a nutshell, JWTs consist of three main components:

  • Header
  • Payload
  • Signature

Here's a brief overview of each component:

#1. Header

The header of a JWT contains essential metadata about the type of token and the signing algorithm being employed. It is a JSON object that is Base64Url encoded when the token is built; before encoding it typically looks like this:

{
  "alg": "HS256",
  "typ": "JWT"
}

In this example, the algorithm used for the signature is HMAC SHA256.

#2. Payload

The payload carries claims, which are statements about the user or entity, along with additional data. Like the header, the payload is Base64Url encoded; this is an encoding, not encryption, so anyone holding the token can read the claims. Here's a simple payload example:

{
  "sub": "1234567890",
  "name": "John Doe",
  "iat": 1516239022
}

In this case, "sub" represents the subject (user), "name" is the user's name, and "iat" is the issued at timestamp.

#3. Signature

The signature is a crucial part of the JWT, ensuring its integrity and authenticity. To create the signature, the encoded header, encoded payload, a secret, and the specified algorithm are used. For instance, with HMAC SHA256:

HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

The resulting JWT is formed by concatenating the encoded header, encoded payload, and signature, separated by dots.


#Use Cases:

JWTs find widespread use in authentication mechanisms, especially in Single Sign-On (SSO) systems. They offer a streamlined way to transmit information securely, eliminating the need for constant database queries for verification.


In a nutshell, JSON Web Tokens provide a lightweight and efficient means of securely transmitting information between parties. By encapsulating data in a format that includes both content and a signature for verification, JWTs play a pivotal role in the realm of web development, offering a secure and scalable solution for various applications.
