About JWT
There are plenty of ways to get authorized to access resources in an API. The one I would like to share with you is the JSON Web Token, widely known as JWT. I’ll try to explain it using the example of shopping at a grocery store.
If you’re not familiar with authorization, try to imagine shopping at a grocery store. At the end of your shopping you have to pay, and you want to do that by debit card. The transaction is simple, right? Think of the JSON Web Token as the debit card in this scenario. The seller doesn’t know the details of your account or other information. All the payment terminal knows is the debit card number and a CSC code.
JSON Web Token structure
The structure of JWT is simple. It is made from 3 parts:
- Header – information about the hashing algorithm used for the signature
- Payload – mainly the data, which is encoded using Base64Url
- Signature – the purpose of this part is to check that the payload didn’t change while the information was being transferred. It is the signed combination of the encoded header and the encoded payload, produced with a secret and the algorithm specified in the header.
In general the structure is:
[Header].[Payload].[Signature]
Header example
{
  "alg": "HS256",
  "typ": "JWT"
}
Payload example
{
  "name": "John Doe",
  "admin": true
}
Reference
- https://jwt.io/introduction/