JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact, self-contained way to transmit claims between parties as a JSON object. A JWT is digitally signed, so the receiver can verify that the claims were issued by the holder of the signing key and have not been modified in transit. Note that a signed JWT is not encrypted: anyone who obtains the token can decode and read its payload, so it must not carry secrets.
What is JWT?
A JWT is composed of three parts separated by dots (.), each of them base64url encoded (base64 with a URL-safe alphabet and no trailing padding). The three parts are:
- Header: the type of the token (JWT) and the signing algorithm being used. For example: {"alg":"HS256","typ":"JWT"}
- Payload: the claims about the user. Claims are statements about an entity (typically the end user) plus additional data. For example: {"sub":"1234567890","name":"John Doe","admin":true}
- Signature: computed over the base64url-encoded header and the base64url-encoded payload joined with a dot (header.payload), using the algorithm named in the header. For HS256 that is an HMAC with a shared secret; for RS256 or ES256 it is a signature made with the issuer's private key, which anyone holding the matching public key can verify.
How does JWT work?
- The client authenticates to the server (for example with a username and password).
- The server verifies the credentials and issues a signed JWT.
- The client stores the JWT on its side (for example in a cookie or in local storage). Local storage is readable by any script running in the page, so an XSS bug exposes the token; an HttpOnly cookie is not readable by script but then needs CSRF protection.
- On every subsequent request the client sends the JWT in the Authorization header with the Bearer scheme, i.e. Authorization: Bearer <token>. The server verifies the signature with its own key and its own expected algorithm before trusting any claim in the payload.
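To make the three parts and the Bearer flow concrete, here is an added example written for this page (it is not code from this system or its JWT documentation). It mints an HS256 token with Python's standard library only, extracts the token from an Authorization header value, verifies it, and then shows two tokens a correct verifier must reject: one whose payload was edited after signing, and one whose header was rewritten to alg "none" with the signature dropped. The secret, the sample claims and the helper names (encode_hs256, decode_hs256, bearer_token, demo) are constructed for this example.

```python
import base64
import hashlib
import hmac
import json


class InvalidToken(Exception):
    """Raised when a token is malformed or fails verification."""


def b64url_encode(data: bytes) -> str:
    # JWT uses base64url without the trailing '=' padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that was stripped at encoding time
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj: dict) -> bytes:
    # No whitespace, keys in insertion order, as in the examples above
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def encode_hs256(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature; the HMAC covers header and payload joined by a dot."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = b64url_encode(compact_json(header)) + "." + b64url_encode(compact_json(payload))
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_hs256(token: str, secret: bytes) -> dict:
    """Verify an HS256 token and return its claims; raise InvalidToken otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError) as exc:
        raise InvalidToken("malformed header or signature") from exc
    # Pin the algorithm server-side: the token's own header must never choose how it is
    # verified, otherwise a header rewritten to alg "none" would be accepted unsigned.
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so response timing does not leak the expected signature
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("signature mismatch")
    try:
        return json.loads(b64url_decode(payload_b64))
    except (ValueError, UnicodeDecodeError) as exc:
        raise InvalidToken("malformed payload") from exc


def bearer_token(authorization: str) -> str:
    """Extract the token from an 'Authorization: Bearer <token>' header value."""
    scheme, _, credentials = authorization.strip().partition(" ")
    # The scheme name is case-insensitive (RFC 7235); the token itself is not
    if scheme.lower() != "bearer" or not credentials.strip():
        raise InvalidToken("expected 'Bearer <token>'")
    return credentials.strip()


def rejects(token: str, secret: bytes) -> bool:
    """True when decode_hs256 refuses the token (used to demonstrate failure modes)."""
    try:
        decode_hs256(token, secret)
    except InvalidToken:
        return True
    return False


def demo() -> dict:
    secret = b"constructed-example-secret"  # constructed for this example; use 32+ random bytes in practice
    payload = {"sub": "1234567890", "name": "John Doe", "admin": True}
    token = encode_hs256(payload, secret)

    # The client presents it as: Authorization: Bearer <token>
    claims = decode_hs256(bearer_token("Bearer " + token), secret)

    # Failure mode 1: payload edited after signing, original signature kept
    header_b64, _, sig_b64 = token.split(".")
    forged_payload_b64 = b64url_encode(compact_json({**payload, "sub": "0000000001"}))
    tampered = ".".join([header_b64, forged_payload_b64, sig_b64])

    # Failure mode 2: header rewritten to alg "none" and the signature dropped
    none_header_b64 = b64url_encode(compact_json({"alg": "none", "typ": "JWT"}))
    unsigned = ".".join([none_header_b64, forged_payload_b64, ""])

    return {
        "claims": claims,
        "tampered_rejected": rejects(tampered, secret),
        "alg_none_rejected": rejects(unsigned, secret),
        "wrong_secret_rejected": rejects(token, b"a-different-secret"),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file prints the verified claims and True for each of the three rejections. The important design choice is in decode_hs256: the expected algorithm and key are fixed by the server, and the header's alg field is only checked against that expectation, never used to select the verification method. In production, use a maintained library (for example PyJWT with an explicit algorithms list) rather than hand-rolled code, and also check registered claims such as exp and iss, which this example leaves out.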
JWT in our documentation
For more detailed information about JWT and its usage in our system, please refer to our JWT Documentation.
Used correctly (signature always verified, the expected algorithm fixed on the server side, no secrets in the payload), JWT provides an integrity-protected way to transmit claims between parties, and it is widely used in modern web applications. For further reading, you can check out this article on jwt.io, which provides a comprehensive guide to JWT.