JSON Web Tokens

A JSON Web Token (JWT) is a compact, URL-safe string that encodes a set of claims about an entity, typically used for authentication and authorization. It consists of three base64url-encoded parts, the header, the payload and the signature, joined by dots. The header specifies the signing algorithm (e.g., RS256), the payload carries the claims such as user ID, email and expiration time, and the signature is computed over the encoded header and payload with a shared secret (HMAC algorithms such as HS256) or a private key (signature algorithms such as RS256). Because the signature can be verified with the corresponding public key, or with the same shared secret for HMAC, a service can trust the integrity and authenticity of the contained information without needing to store session state.

The JWT header contains the signing algorithm (alg), the token type (typ) and the ID of the signing key (kid), which lets the verifier pick the right key when several are in use.

{
  "alg": "HS256",
  "typ": "JWT",
  "kid": "130fdcefcc8ed7be6bedfa6fc879722040c92b38"
}

The JWT payload carries the claims: the subject, the user's name and email, the token's validity window (issued-at and expiration times), the token issuer, etc.

{
  "sub": "1234567890",
  "name": "John Doe",
  "admin": true,
  "email": "jdoe@zkfold.io",
  "iat": 1516239022
}
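The following example, added here and not part of the original page, shows the encoding and verification steps described above in working code: it base64url-encodes the page's own header and payload, signs them with HMAC-SHA256, and then verifies a token by looking the key up via kid, recomputing the MAC in constant time and checking the time claims. The shared secret, the key table and the helper names (encode_jwt, decode_jwt) are assumptions of this example, not an API of any library.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Header and payload as shown on the page; "kid" names the key that signed the token.
HEADER = {
    "alg": "HS256",
    "typ": "JWT",
    "kid": "130fdcefcc8ed7be6bedfa6fc879722040c92b38",
}
PAYLOAD = {
    "sub": "1234567890",
    "name": "John Doe",
    "admin": True,
    "email": "jdoe@zkfold.io",
    "iat": 1516239022,
}

# Constructed secret for this example; a real HS256 key is a random 256-bit value.
SECRET = b"example-shared-secret-do-not-reuse"
# Keys are looked up by "kid" so verification uses the key the header names.
KEYS = {HEADER["kid"]: SECRET}


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as the JWT format requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore the padding that b64url_encode stripped, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(header: dict, payload: dict, secret: bytes) -> str:
    """Serialize header and payload compactly, then sign 'header.payload' with HMAC-SHA256."""
    segments = [
        b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
    ]
    signing_input = ".".join(segments).encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    segments.append(b64url_encode(signature))
    return ".".join(segments)


def decode_jwt(token: str, keys: dict, now: Optional[int] = None) -> dict:
    """Verify signature and time claims; return the payload or raise ValueError.

    The verifier fixes the algorithm (HS256) itself and selects the key by "kid";
    the token's own "alg" value is checked against that choice, never trusted to pick it.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    key = keys.get(header.get("kid"))
    if key is None:
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so timing does not reveal how much of the MAC matched.
    if not hmac.compare_digest(expected, b64url_decode(s_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(p_b64))
    now = int(time.time()) if now is None else now
    # "exp" is exclusive: the token is valid only while now < exp.
    if "exp" in payload and now >= payload["exp"]:
        raise ValueError("token expired")
    if "iat" in payload and payload["iat"] > now:
        raise ValueError("token issued in the future")
    return payload


if __name__ == "__main__":
    token = encode_jwt(HEADER, PAYLOAD, SECRET)
    print(token)
    print(decode_jwt(token, KEYS, now=PAYLOAD["iat"]))
```

Note that the signature covers the encoded header and payload exactly as transmitted, so the verifier recomputes the MAC over the received segments rather than over a re-serialized copy; any change to a single claim byte produces a different MAC and the token is rejected before its payload is used.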