JSON Web Token

X-Ray: JWT

Anatomy of a Secure Token

eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.

1. Header

{ "alg": "HS256", "typ": "JWT" }

eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIn0.

2. Payload

{ "sub": "1234567890", "name": "John Doe" }

z2DmVEGQgBfehGn5Xrqh8bpH6cVstDhV7QPwZg1lQkc

3. Signature

HMACSHA256(base64url(header) + "." + base64url(payload), secret)

Standard

Defined by RFC 7519 to securely transmit information as a JSON object.

Stateless

The server doesn't need to store sessions, as the token contains everything needed for verification.

Compact

Easy to send via URL, POST or HTTP headers.

Secure

The digital signature lets the verifier detect any modification to the header or payload (the payload itself is only base64url-encoded, not encrypted).

Cross-Domain

Works across different domains and microservices, since any service holding the verification key can validate the token without calling back to the issuer.

JSON Native

Readable by any modern language or platform.

xeland314
CLIENT stores • SERVER verifies.