jwt Getting started with jwt Signed JWT (JWS)
Example
A signed JWT includes a Base64 Url Safe encoded signature as the third component. The algorithm used to generate the signature is indicated in the header.
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
.eyJzdWIiOiJKb2huIERvZSIsImFkbWluIjp0cnVlLCJpYXQiOjE0NzAzNTM5OTQsImV4cCI6MTQ3MDM1NzYyNywianRpIjoiNmU0MDRiYTgtZjg4NS00ZDVmLWJmYTItZTNmNWEwODM4MGE0In0
.7CfBdVP4uKsb0cogYepCvMLm8rcpjBYW1XZzA-a5e44
Header
{
"typ": "JWT",
"alg": "HS256"
}
This JWT was signed with the HMAC-SHA256 algorithm, hence alg: HS256.
Payload
{
"sub": "John Doe",
"admin": true,
"iat": 1470353994,
"exp": 1470357627,
"jti": "6e404ba8-f885-4d5f-bfa2-e3f5a08380a4"
}
This JWT can be verified with the UTF-8 secret notsosecret.
