0Pricing
C# Academy · Lesson

JWT Structure and Claims

Understand header, payload, and signature.

What Is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe token format used to securely transmit claims between two parties. In ASP.NET Core it is the most common way to authenticate stateless APIs.

A JWT is just a string made of three Base64Url-encoded parts joined by dots: header.payload.signature.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0Iiwicm9sZSI6ImFkbWluIn0.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

The Header

The header describes how the token is signed. It is a small JSON object that gets Base64Url-encoded into the first segment.

alg names the signing algorithm (e.g. HS256, RS256) and typ is almost always JWT.

{
  "alg": "HS256",
  "typ": "JWT"
}

All lessons in this course

  1. JWT Structure and Claims
  2. Configuring JWT Bearer Authentication
  3. Issuing Tokens
  4. Refresh Tokens and Expiry
← Back to C# Academy