JWT (JSON Web Token) is a compact, secure way to transmit information between two parties — usually a client (like a browser or mobile app) and a server — as a JSON object. It’s commonly used for authentication and authorizationin web applications.
Codeflare
A JWT is made up of three parts, separated by dots (.):
xxxxx.yyyyy.zzzzz The header contains metadata about the token, like the type (JWT) and the algorithm used for signing (e.g., HS256).
{
"alg": "HS256",
"typ": "JWT"
} This is then Base64Url-encoded to form the first part of the token.
The payload contains the actual data (claims) you want to transmit, such as user info or token expiry time.
{
"sub": "1234567890",
"name": "John Doe",
"admin": true,
"exp": 1739700000
} iss (issuer), exp (expiration), sub (subject), aud (audience).name, role.This part is also Base64Url-encoded.
To ensure the token wasn’t tampered with, the server signs it using a secret key (or a private key in asymmetric cryptography).
HMACSHA256(
base64UrlEncode(header) + "." + base64UrlEncode(payload),
secret
) The output is encoded again, forming the third part of the token.
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.
TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ Authorization header:Authorization: Bearer <token> 6. Server verifies the token → If valid, grants access to protected routes/resources.
Using jsonwebtoken package:
const jwt = require('jsonwebtoken');
// Generate a token
const token = jwt.sign({ userId: 123, role: 'admin' }, 'secretkey', { expiresIn: '1h' });
// Verify a token
try {
const decoded = jwt.verify(token, 'secretkey');
console.log(decoded);
} catch (err) {
console.error('Invalid token');
} Latest tech news and coding tips.
How to Build APIs That Are Easy to Use, Scale, and Maintain Learn on the…
Almost everyone starts learning JavaScript with the wrong expectations. Let's fix them. Download the Codeflare…
Phaser JS is a powerful, open-source HTML5 game development framework used for creating 2D games that…
JavaScript / Node.js Authentication Libraries 1. Passport.js One of the most popular authentication middleware libraries…
Every profession comes with its own set of tools. A carpenter has a toolbox, a…
Every application that stores and manages data relies on a set of basic operations known…