Spring Security 6 & JWT Authentication · Lesson

JWT Structure and Claims

Deconstruct the three parts of a JWT (Header, Payload, Signature) and understand standard and custom claims.

What's Inside a JWT?

JSON Web Tokens (JWTs) might look like long, random strings, but they have a very clear and organized structure.

A JWT is composed of three distinct parts, each separated by a dot (.):

  • Header
  • Payload
  • Signature

Think of it like a sealed letter: the header is information about the letter itself, the payload is the message inside, and the signature is the wax seal proving its authenticity.

Part 1: The Header

The Header is the first part of a JWT. It's a JSON object that contains metadata about the token itself, primarily telling us what algorithm was used to sign the token.

It typically includes two key elements:

  • alg (Algorithm): Specifies the cryptographic algorithm used for signing the token (e.g., HS256 for HMAC SHA-256, RS256 for RSA SHA-256).
  • typ (Type): Indicates the type of token, which is almost always JWT.
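
The structure described above, as an added Java example (not part of the original lesson): it builds an HS256 token from constructed sample data, splits it on the dots, Base64URL-decodes the header, and accepts alg only if it is on the verifier's own allow-list, because the header is plain encoded JSON that anyone holding the token can read and rewrite. The class name, demo key, sample claim, allow-list, and the use of Jackson's ObjectMapper (assumed to be on the classpath, as in a typical Spring Boot application) are assumptions.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Set;

public class JwtHeaderDemo {
    private static final ObjectMapper JSON = new ObjectMapper();
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();
    // Algorithms this hypothetical service is configured to accept.
    private static final Set<String> ALLOWED_ALGS = Set.of("HS256");

    // Build a sample token so the demo runs offline (constructed data, demo key).
    static String sampleToken(byte[] key) throws Exception {
        String header = B64.encodeToString(
                "{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = B64.encodeToString(
                "{\"sub\":\"alice\"}".getBytes(StandardCharsets.UTF_8));
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        // The signature covers the encoded header and payload joined by a dot.
        byte[] sig = mac.doFinal((header + "." + payload).getBytes(StandardCharsets.US_ASCII));
        return header + "." + payload + "." + B64.encodeToString(sig);
    }

    // Split on the dots, decode the header, and reject any alg outside the allow-list.
    static JsonNode readHeader(String token) throws Exception {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        JsonNode header = JSON.readTree(Base64.getUrlDecoder().decode(parts[0]));
        String alg = header.path("alg").asText(); // "" when the field is missing
        if (!ALLOWED_ALGS.contains(alg)) {
            throw new SecurityException("alg not allowed: " + alg);
        }
        return header;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "demo-key-for-illustration-only-32b".getBytes(StandardCharsets.UTF_8);
        String token = sampleToken(key);
        System.out.println(token);
        JsonNode header = readHeader(token);
        System.out.println("alg=" + header.get("alg").asText()
                + " typ=" + header.get("typ").asText());
    }
}
```

Reading the header this way only tells the verifier which algorithm the token claims; the signature still has to be checked before the payload is trusted.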
