JWT Structure and Claims
Understand header, payload, and signature.
What Is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format used to securely transmit claims between two parties. In ASP.NET Core it is the most common way to authenticate stateless APIs.
A JWT is just a string made of three Base64Url-encoded parts joined by dots: header.payload.signature.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0Iiwicm9sZSI6ImFkbWluIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5cThe Header
The header describes how the token is signed. It is a small JSON object that gets Base64Url-encoded into the first segment.
alg names the signing algorithm (e.g. HS256, RS256) and typ is almost always JWT.
{
"alg": "HS256",
"typ": "JWT"
}All lessons in this course
- JWT Structure and Claims
- Configuring JWT Bearer Authentication
- Issuing Tokens
- Refresh Tokens and Expiry