interview

home / developersection / interviews / what are the parts of a jwt?

Ask Question
Anubhav Kumar

Student

The Anubhav portal was launched in March 2015 at the behest of the Hon'ble Prime Minister for retiring government officials to leave a record of their experiences while in Govt service .

Follow
Can you answer this question?
Answer

1 Answers

Anubhav Kumar

Anubhav Kumar

09-Jun-2025

A JWT (JSON Web Token) has three parts, each separated by a dot (.):

<Header>.<Payload>.<Signature>

1. Header

The header specifies the type of token and the signing algorithm used.

Example:

{
  "alg": "HS256",
  "typ": "JWT"
}
  • alg: Algorithm used for signing (e.g., HS256, RS256)
  • typ: Always "JWT"

This part is Base64Url-encoded.

2. Payload

The payload contains the claims, which are statements about the user or system.

Example:

{
  "sub": "1234567890",
  "name": "Anna Hajare",
  "admin": true,
  "iat": 1717938123,
  "exp": 1717941723
}
  • sub: Subject (usually user ID)
  • iat: Issued at timestamp
  • exp: Expiration time (optional but recommended)
  • You can add custom claims too.

🔓 Note: The payload is not encrypted — just Base64Url-encoded, so anyone can read it.

3. Signature

The signature is used to verify the token’s integrity and authenticity.

It's created like this:

HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secret
)

If someone modifies the token, the signature check will fail.

Example JWT

Here's a sample (fake) JWT for illustration:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkFubmEgSGFqYXJlIiwiaWF0IjoxNjg3ODQ2NDAwfQ.
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
  • First part = Header
  • Second part = Payload
  • Third part = Signature
MindStick Training
MindStick Training

Liked By

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy