JSON Web Tokens (JWT, defined in RFC 7519) are a compact, URL-safe means of representing claims to be transferred between two parties. The claims are encoded as a JSON object, and the JSON notation used in the examples below is the same one used for object literals in JavaScript. A JWT consists of three base64url-encoded parts, separated by dots:

  • Header: This is a base64url-encoded JSON object naming the algorithm used to sign the token and the type of the token. For example:

    {
      "alg": "HS256",
      "typ": "JWT"
    }
    

    You can find more information about the header in the JWT Header section.

  • Payload: This is a base64url-encoded JSON object containing the claims. Claims are statements about an entity (typically the user the JWT authenticates) plus metadata about the JWT itself. For example:

    {
      "sub": "1234567890",
      "name": "John Doe",
      "admin": true
    }
    

    You can find more information about the payload in the JWT Payload section.

  • Signature: This is computed over the encoded header and the encoded payload (joined with a dot) using the algorithm named in the header and a key. The signature is what lets a recipient verify that the token was issued by the holder of the key and has not been modified since. Note that the header and payload are only encoded, not encrypted: anyone who sees the token can read them, and nothing in them should be trusted before the signature has been checked.

To generate a JWT, you can use the following URL: /Documentation/en/Generate/JWT.
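The encode-sign-verify procedure described above, written out in Python with only the standard library. This is an added example for this page, not the generator behind the URL above and not code from the original page; the key, the claims and the function names (sign_hs256, verify_hs256, accepts) are the example's own. The verifier pins the algorithm to HS256 instead of trusting the header, compares the MAC in constant time, and rejects a token whose payload was swapped or whose header was changed to alg "none".

```python
import base64
import hashlib
import hmac
import json


class InvalidToken(Exception):
    """Raised when a token is malformed or its signature does not verify."""


def b64url_encode(data: bytes) -> str:
    # JWT segments are base64url with the '=' padding removed.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Restore the padding that was stripped during encoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(claims: dict, key: bytes) -> str:
    """Build header.payload.signature for the given claims using HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    # Compact JSON (no whitespace) is what most libraries emit; the example token
    # on this page encodes its header and payload the same way.
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode("utf-8"))
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode("utf-8"))
    )
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims of `token` only if its HS256 signature is valid for `key`."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("expected three dot-separated segments")
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(signature_b64)
    except ValueError as exc:  # covers both bad base64 and bad JSON
        raise InvalidToken("undecodable header or signature") from exc
    # The verifier decides the algorithm. Until the signature is checked the header
    # is untrusted input, so it must not be allowed to pick "none" or another alg.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("algorithm is not HS256")
    expected = hmac.new(
        key, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256
    ).digest()
    # Constant-time comparison so a forger cannot learn the MAC byte by byte.
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("signature mismatch")
    try:
        return json.loads(b64url_decode(payload_b64))
    except ValueError as exc:
        raise InvalidToken("undecodable payload") from exc


def accepts(token: str, key: bytes) -> bool:
    """True if verify_hs256 accepts the token, False if it raises InvalidToken."""
    try:
        verify_hs256(token, key)
        return True
    except InvalidToken:
        return False


if __name__ == "__main__":
    key = b"constructed-demo-key-not-for-production"  # constructed for this example
    token = sign_hs256({"sub": "1234567890", "name": "John Doe", "admin": False}, key)
    print(token)
    print(verify_hs256(token, key))
    # Swap in a payload that claims admin rights: the old signature no longer matches.
    head, _, sig = token.split(".")
    forged_payload = b64url_encode(b'{"sub":"1234567890","name":"John Doe","admin":true}')
    print("forged payload accepted:", accepts(head + "." + forged_payload + "." + sig, key))
    # A header changed to alg "none" with the signature dropped is rejected too.
    none_header = b64url_encode(b'{"alg":"none","typ":"JWT"}')
    print("alg=none accepted:", accepts(none_header + "." + token.split(".")[1] + ".", key))
```

Running the file prints a freshly signed token, its verified claims, and `False` for both the swapped payload and the alg "none" variant. Because the header is encoded exactly as on this page, the first segment of every token this produces is the same `eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9` shown in the example below.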

JWT Header

The header names the algorithm used to create the signature of the JWT. The most commonly used algorithms are:

  • HS256: HMAC using SHA-256. One shared secret both signs and verifies, so every party that can verify tokens can also mint them.
  • RS256: RSASSA-PKCS1-v1_5 using SHA-256. The issuer signs with an RSA private key, and verifiers need only the public key.

A verifier should decide in advance which algorithm it accepts rather than taking it from the header: until the signature has been checked, the header is attacker-controlled input, so it must not be allowed to select "none" or to switch a token expected to be RS256 over to HS256.

You can find more information about the header in the JWT RFC (RFC 7519) and in the JWS RFC (RFC 7515), which defines the header parameters.

JWT Payload

The payload contains the claims about the entity and additional metadata, encoded as a JSON object. The claims used in the examples on this page are:

  • sub: The subject of the JWT, a string identifying the entity the token is about. sub is one of the registered claim names in the JWT RFC, alongside iss, aud, exp, nbf, iat and jti.
  • name: The name of the entity. This is a standard claim from OpenID Connect rather than one defined by the JWT RFC.
  • admin: A boolean claim indicating whether the entity is an administrator. This is an application-specific claim; like every other claim, it means nothing until the signature has been verified.

A token that should stop working after some time must carry an exp claim and the verifier must check it; a signature check alone says nothing about age.

You can find more information about the payload and the registered claims in the JWT RFC (RFC 7519).

Example JWT

Here is an example of a JWT (the three dot-separated segments are the header, the payload and the signature):

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ

This JWT is signed using the HS256 algorithm and contains the following claims:

  • sub: 1234567890
  • name: John Doe
  • admin: true
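To see where those claims come from, the token above can be split and decoded without any key. The following is an added example for this page (not code from the original page): it parses the example token into its header, claims and raw signature, and it does so deliberately without verifying anything, which is fine for a debugger or a log viewer but never for an authorization decision. The function name inspect_jwt is the example's own.

```python
import base64
import json

# The example token from this page (header.payload.signature).
EXAMPLE_JWT = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_jwt(token: str) -> dict:
    """Decode a JWT's header and claims WITHOUT verifying its signature.

    Anyone holding the token can do this, which is exactly why the claims
    cannot be trusted until the signature has been checked against the key.
    """
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("expected header.payload.signature, got %d segments" % len(segments))
    header_b64, payload_b64, signature_b64 = segments
    header = json.loads(b64url_decode(header_b64))
    claims = json.loads(b64url_decode(payload_b64))
    signature = b64url_decode(signature_b64)
    return {
        "header": header,
        "claims": claims,
        # Raw signature length in bytes. HMAC-SHA256 produces a 32-byte MAC,
        # so an HS256 token whose signature is not 32 bytes is malformed.
        "signature_bytes": len(signature),
        "consistent_with_hs256": header.get("alg") == "HS256" and len(signature) == 32,
    }


if __name__ == "__main__":
    info = inspect_jwt(EXAMPLE_JWT)
    print("header :", info["header"])
    print("claims :", info["claims"])
    print("sig len:", info["signature_bytes"], "bytes")
    print("HS256 shape:", info["consistent_with_hs256"])
```

For the example token this prints the header and claims listed above and a 32-byte signature, which is the size expected for HMAC-SHA256. The signature itself can only be checked by a party holding the HMAC key, so everything this function returns should be treated as a label on the token, not as a fact about the caller.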
