JWT Anatomy: Header, Payload, Signature
Decode base64url parts and understand each JWT field.
What Is a JWT?
A JSON Web Token (JWT) is a compact, URL-safe token format defined in RFC 7519. It encodes claims (assertions about a subject) and a cryptographic signature in a single string, enabling stateless authentication.
Three-Part Structure
A JWT has the form: base64url(header).base64url(payload).base64url(signature). The dot separates the parts. The header and payload are readable (base64url, not encrypted). Only the signature is cryptographic.
All lessons in this course
- JWT Anatomy: Header, Payload, Signature
- HS256 vs RS256: Symmetric vs Asymmetric JWTs
- JWT Vulnerabilities: alg=none & Key Confusion
- Secure JWT Implementation Best Practices