0Pricing
Cryptology Academy · Lesson

JWT Anatomy: Header, Payload, Signature

Decode base64url parts and understand each JWT field.

What Is a JWT?

A JSON Web Token (JWT) is a compact, URL-safe token format defined in RFC 7519. It encodes claims (assertions about a subject) and a cryptographic signature in a single string, enabling stateless authentication.

Three-Part Structure

A JWT has the form: base64url(header).base64url(payload).base64url(signature). The dot separates the parts. The header and payload are readable (base64url, not encrypted). Only the signature is cryptographic.

All lessons in this course

  1. JWT Anatomy: Header, Payload, Signature
  2. HS256 vs RS256: Symmetric vs Asymmetric JWTs
  3. JWT Vulnerabilities: alg=none & Key Confusion
  4. Secure JWT Implementation Best Practices
← Back to Cryptology Academy