Search Tutorials

Understand JSON Web Token(JWT) Structure

Understand JSON Web Token(JWT) Structure

In this tutorial we will be understanding JSON Web Token(JWT) Structure. We saw in the previous tutorial how JWT can be used for Authorization. We also discussed that JWT is self reliant to store all the necessary user information itself. We will look into how JWT makes this possible.


This tutorial is explained in the below Youtube Video.

Spring Boot JSON Web Token- Table of Contents

Understanding the need for JSON Web Token(JWT) Understanding JWT Structure Implement Spring Boot Security Implement Spring Boot + JSON Web Token Security Implement Spring Boot Security + JSON Web Token + MySQL Spring Boot RestTemplate + JWT Authentication Example Spring Boot Security - Refresh Expired JSON Web Token Angular 7 + Spring Boot JWT Authentication Hello World Example Online JWT Generator Online JWT Decoder

Structure of JWT

A JWT consists of 3 parts -

  • Header
  • Payload
  • Signature
This is how a JWT token looks like-

The 3 parts of JWT are seperated by a dot.Also all the information in the 3 parts is in base64 encoded format.

Let us have a look at each of the three parts of JWT and its functionality.

An important point to remember about JWT is that the information in the payload of the JWT is visible to everyone. There can be a "Man in the Middle" attack and the contents of the JWT can be changed. So we should not pass any sensitive information like passwords in the payload. We can encrypt the payload data if we want to make it more secure. However we can be sure that no one can tamper and change the payload information. If this is done the server will recognize it.

Creating a JWT Token

We will be creating a JWT token using JWT Online Token Generator
Specify the payload data as folows-
Create JWT

Inspect the contents of the created token

We will be inspecting JWT token using JWT Online Decoder

JWT decode