interview

home / developersection / interviews / how is a jwt validated?

Ask Question
Anubhav Kumar

Student

The Anubhav portal was launched in March 2015 at the behest of the Hon'ble Prime Minister for retiring government officials to leave a record of their experiences while in Govt service .

Follow
Can you answer this question?
Answer

1 Answers

Anubhav Kumar

Anubhav Kumar

09-Jun-2025

A JWT (JSON Web Token) is validated through a series of steps to ensure it is authentic, untampered, and still valid (not expired).

Here’s how JWT validation works:

1. Split the Token

The JWT comes as a string like this:

<Header>.<Payload>.<Signature>

The system splits it into three Base64Url-encoded parts.

2. Verify the Signature

The server uses the header’s algorithm (e.g., HS256 or RS256) and a secret key (or public key) to recompute the signature:

computedSignature = sign(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)

Then it checks:

computedSignature == signatureFromToken

If they don’t match, the token was tampered with ⇒ reject it.

3. Check Expiration (exp claim)

JWTs typically contain an exp (expiration) claim:

"exp": 1717941723

This is a Unix timestamp. If the current time is past this timestamp, the token is expired.

Expired tokens are invalid, even if the signature is correct.

4. Validate Other Claims (optional)

You can validate any other claims as needed:

Claim Purpose
iss Issuer – who issued the token
aud Audience – who it was issued for
nbf Not before – when the token becomes valid
iat Issued at – when the token was created

If any of these don’t match expected values ⇒ reject the token.

5. Use the Payload Data

If the token passes all validations, the server trusts the payload (e.g., userId, roles, etc.) and grants access.

Summary of JWT Validation Steps

Step What it checks
Signature Token integrity and authenticity
Expiration (exp) Valid time window
Claims (optional) Correct issuer, audience, etc.

 

advertising
advertising

Liked By

We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy