Search Tutorials


What is JWT(JSON Web Token) | JavaInUse

What is JWT?

In this tutorial we will be learning the basic of JSON Web Token (JWT). In next tutorial we will be implementing Spring Boot +JWT + MYSQL Hello World Example
JWT stands for JSON Web Token. JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. The client will need to authenticate with the server using the credentials only once. During this time the server validates the credentials and returns the client a JSON Web Token(JWT). For all future requests the client can authenticate itself to the server using this JSON Web Token(JWT) and so does not need to send the credentials like username and password.

Spring Boot JSON Web Token- Table of Contents

What is JWT(JSON Web Token) Online JWT Generator Online JWT Decoder Spring Boot +JSON Web Token(JWT) Hello World Example Spring Boot +JSON Web Token(JWT) + MYSQL Example Spring Boot RestTemplate + JWT Authentication Example Spring Boot RestTemplate + JWT Authentication Example Spring Boot Security - Refresh Expired JSON Web Token Angular 7 + Spring Boot JWT Authentication Hello World Example

Video

This tutorial is explained in the below Youtube Video.

Workflow of how JWT is used


JWT Workflow

During the first request the client sends a POST request with username and password. Upon successful authentication the server generates the JWT sends this JWT to the client. This JWT can contain a payload of data. On all subsequent requests the client sends this JWT token in the header. Using this token the server authenticates the user. So we don't need the client to send the user name and password to the server during each request for authentication, but only once after which the server issues a JWT to the client. A JWT payload can contain things like user ID so that when the client again sends the JWT, you can be sure that it is issued by you, and you can see to whom it was issued.

Structure of JWT

JWT has the following format -header.payload.signature
JWT Format
Structure of JWT-
Structure of JWT
An important point to remember about JWT is that the information in the payload of the JWT is visible to everyone. So we should not pass any sensitive information like passwords in the payload. We can encrypt the payload data if we want to make it more secure. However we can be sure that no one can tamper and change the payload information. If this is done the server will recognize it.

Creating a JWT Token

We will be creating a JWT token using JWT Online Token Generator
Specify the payload data as folows-
Create JWT
We will be having following claims in the payload-
JWT Claim
Sign the payload using the hashing algorithm-
JWT hash

Inspect the contents of the created token

We will be inspecting JWT token using JWT Online Decoder

JWT decode