JSON Web Token (JWT)

A JWT is a set of JSON claims that are signed, encrypted, or both, and are encoded into a web-safe form. This set of claims might or might not include some well-known claims defined by the RFC.

The methods of encrypting and signing and the support for key exchange and algorithms are defined in RFCs 7515, 7516, 7517, and 7518. These RFCs cover signing, encryption, key sets, and algorithms. RFC 7519 covers JWT.

A JWT contains three Base64 URL encoded strings that are separated by dots (“.”).

For a signed JWT, these parts are:

All of these parts are Base64 URL encoded. The following example shows a JWT:

This JWT is signed using the algorithm HS256 and the shared key of “secret”.

We can use http://jwt.io to create and validate simple signed JWTs.

