Getting Started

Introduction

Overview and basic concepts of JWT

Core Concepts

Validation & Verification

How to validate and verify JWT tokens

Payload & Structure

Understanding JWT payload and format

Support

Common Errors

Troubleshooting and error resolution

JWT Payload & Structure

Token Components

A JWT consists of three parts separated by dots (.), which are: Header, Payload, and Signature. The payload contains the claims - statements about the entity (user) and additional data.

Token Structure

Example of a complete JWT token

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9

Header (Base64URL encoded)

eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ

Payload (Base64URL encoded)

SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Signature

Standard Claims

Time-related Claims

iat (Issued At)

Time at which the JWT was issued

exp (Expiration Time)

Time after which the JWT expires

nbf (Not Before)

Time before which the JWT must not be accepted

Identity Claims

iss (Issuer)

Entity that issued the token

sub (Subject)

Entity that the token refers to

aud (Audience)

Recipients that the JWT is intended for

Custom Claims

In addition to standard claims, you can include custom claims in your JWT payload. These are specific to your application's needs.

Custom Claims Example

Example of a JWT payload with custom claims

{
  "sub": "1234567890",
  "name": "John Doe",
  "role": "admin",
  "permissions": ["read", "write", "delete"],
  "organization": "acme-corp",
  "plan": "premium",
  "iat": 1516239022
}

Remember that while the payload is Base64URL encoded, it is NOT encrypted. Do not include sensitive information in the payload unless the JWT is encrypted (JWE).

Developer Tools