URI query argument
Self-contained: includes all the required information about itself, including what and why
Cross-language: works in Python, Go, Node.js, PHP, Ruby, JavaScript, Java and Haskell
parts separated by dot
aaaaaaaaa.bbbbbbbbbbbbb.cccccc
// Real world JWT
eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkiOiJ2YWwiLCJpYXQiOjE0MjI2MDU0NDV9.eUiabuiKv-8PYk2AkGY4Fb5KMZeorYBLw261JPQD5lM
What is the subject of the JWT
aud (Audience): Who can process the JWT
exp (Expiration time): Until when is the JWT valid
nbf (Not before): From when can the JWT be processed
iat (Issued at): When the JWT has been delivered
jti (JWT ID): What is the JWT unique identifier
Those claims are:
defined by the RFC
not mandatory
recommended to use
not relevant in all contexts
in which both the sender and the receiver of a message share a single, common key that is used to encrypt and decrypt the message. e.g. HS256 (HMAC)
Asymmetric cryptography is any cryptographic system that uses pairs of keys: public keys, which may be disseminated widely, and private keys, which are known only to the owner. e.g. RS256 (RSA)
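An added example, not part of the original slides: verifying an HS256 token with the algorithm pinned and the exp, nbf and aud claims checked only after the signature. The key, the claim values and the function names are constructed for illustration; the page's own token is only decoded, since its key is not given.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part: str) -> bytes:
    # JWT strips base64 padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims: dict, key: bytes) -> str:
    header = {"typ": "JWT", "alg": "HS256"}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode())
        for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token: str, key: bytes, audience: str, now=None) -> dict:
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated parts")
    header = json.loads(b64url_decode(parts[0]))
    # Pin the algorithm: never let the token choose how it is verified
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(parts[2])):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(parts[1]))
    # Claims are trusted only after the signature check above
    if "exp" in claims and now >= claims["exp"]:
        raise ValueError("token expired")
    if "nbf" in claims and now < claims["nbf"]:
        raise ValueError("token not yet valid")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims

# Constructed sample values, not from the page
KEY = b"constructed-demo-key"
TOKEN = sign_hs256({"aud": "api", "iat": 1000, "nbf": 1000, "exp": 2000, "jti": "demo-1"}, KEY)

# The page's own token, split and decoded without verification (its key is not on the page)
PAGE_JWT = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJrZXkiOiJ2YWwiLCJpYXQiOjE0MjI2MDU0NDV9.eUiabuiKv-8PYk2AkGY4Fb5KMZeorYBLw261JPQD5lM"
PAGE_PAYLOAD = json.loads(b64url_decode(PAGE_JWT.split(".")[1]))
```

The first two parts are only base64url-encoded JSON, so anyone holding the token can read the claims; the signature protects integrity, not confidentiality.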