JSON Web Token (JWT)
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.
Structure
A JWT typically consists of three parts separated by dots: header, payload, and signature.
- Header: Contains metadata about the token and the signature algorithm.
- Payload: Contains the claims. Claims are statements about an entity (typically, the user) and additional data.
- Signature: The signature is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way.
Usage
The tool has two modes: Encode and Decode.
Encode
- Enter the payload JSON.
- Select the algorithm.
- Enter the secret or public key.
If the algorithm is HS, enter the secret key.
Otherwise (for example, RS), enter the private key.
ES algorithms need an ECC (Elliptic Curve Cryptography) key pair.
The other algorithms need an RSA key pair.
Once all the necessary information is in place, the JWT is output in the left pane according to the set values.
Decode
- Enter the JWT, and the payload on the right will be shown if the payload is decodable.
- If the algorithm is HS, enter the secret key.
- If the JWT is successfully verified with a secret or public key, "Signature Verified" is displayed; if not, "Invalid Signature" is displayed.
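The two modes for the HS case, as an added example using only the Python standard library (this is not the tool's own code). The function names and the secret are assumptions made for illustration, and the status strings mirror the ones described above.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(raw: bytes) -> str:
    # JWT segments are base64url with the "=" padding stripped.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the stripped padding before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_hs256(payload: dict, secret: bytes) -> str:
    """Encode mode: build header.payload.signature with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
             for obj in (header, payload)]
    mac = hmac.new(secret, ".".join(parts).encode("ascii"), hashlib.sha256)
    return ".".join(parts + [b64url_encode(mac.digest())])


def decode_hs256(token: str, secret: bytes):
    """Decode mode: return (payload, status); payload is None if undecodable."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64, or bad JSON
        return None, "Invalid Signature"
    # Pin the algorithm: never let the token's own header choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return payload, "Invalid Signature"
    mac = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256)
    # Constant-time comparison avoids leaking how many signature bytes matched.
    ok = hmac.compare_digest(signature, mac.digest())
    return payload, ("Signature Verified" if ok else "Invalid Signature")


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    token = encode_hs256({"sub": "alice", "admin": False}, secret)
    print(token)
    print(decode_hs256(token, secret))
    print(decode_hs256(token, b"wrong-secret"))  # payload still readable, signature fails
```

The payload decodes even when the key is wrong because the first two segments are only base64url-encoded, not encrypted, so claims should be trusted only after the status is "Signature Verified".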