You’re probably aware that JWT stands for JSON Web Token, but what is it exactly? And how do you use it? Scroll down to the bottom of the article for a quick video that addresses exactly these questions.
In the meantime, please review this resource list.
JWT.IO — for testing and viewing JSON web tokens
Header — a small JSON object naming the signing algorithm ("alg") and the token type ("typ"); it is the part before the first period and is base64url-encoded (base64 with URL-safe characters and no padding), which is encoding, not encryption
Payload — the claims, i.e. all the information you store in the token; it runs up to the next period and is also base64url-encoded. This is the data section your application reads. Anyone holding the token can decode and read it, so it must never carry secrets.
sub — subject (the id of the user you're authenticating); without JWT you would ordinarily keep this in a server-side session
name — the user's name; this is a custom claim rather than a registered one, but it is commonly seen
iat — "issued at"; when the token was created, as seconds since the Unix epoch
exp — "expiration time" (the claim is "exp", not "eat"); the moment after which the token is no longer valid, also as seconds since the Unix epoch; important to set, and the server must check it on every request
Signature — computed over the encoded header and payload with the server's key; it lets the server verify that the token it receives is one it issued and that neither part was altered by the client (or anyone else) in between. It does not hide the contents. When verifying, use the algorithm and key the server expects rather than whatever the token's own header claims.
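As an added example (not code from the original article, and not JWT.IO's code), the following Python builds, decodes and verifies an HS256 token with only the standard library, so you can see the three base64url parts, the claims listed above, and what the signature actually buys you. The secret, the claim values and all function names are assumptions chosen for illustration; the encoding rules follow RFC 7515/7519. It also goes slightly beyond the list: it shows that editing the payload without re-signing fails verification, and that the verifier pins the algorithm instead of trusting the header.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Assumed shared secret for the example; a real service loads this from a secrets store.
SECRET = b"example-hs256-secret-do-not-use"


def b64url_encode(raw: bytes) -> str:
    # JWT uses base64url with the '=' padding stripped (RFC 7515 section 2).
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    # Restore the padding that b64url_encode removed before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_b64(obj: dict) -> str:
    # Compact JSON (no spaces) then base64url, as jwt.io shows it.
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def mint_token(claims: dict, secret: bytes = SECRET) -> str:
    """Produce header.payload.signature for HS256 (HMAC-SHA256 over the first two parts)."""
    signing_input = _json_b64({"alg": "HS256", "typ": "JWT"}) + "." + _json_b64(claims)
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_unverified(token: str) -> tuple:
    """Read header and payload WITHOUT checking the signature: anyone holding the token can do this."""
    header_b64, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_token(token: str, secret: bytes = SECRET, now: Optional[int] = None) -> dict:
    """Check structure, pinned algorithm, signature and exp; return claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The server decides the algorithm; the token's own header is attacker-controlled input.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison so a timing side channel does not leak the correct signature.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    current = int(time.time()) if now is None else now
    if "exp" not in claims or current >= claims["exp"]:
        raise ValueError("token expired")
    return claims


def token_status(token: str, secret: bytes = SECRET, now: Optional[int] = None) -> str:
    """Convenience wrapper: 'ok' or the reason verification failed."""
    try:
        verify_token(token, secret=secret, now=now)
        return "ok"
    except ValueError as err:
        return str(err)


def tamper_payload(token: str, **changes) -> str:
    """Simulate a client editing claims but keeping the original signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims.update(changes)
    return header_b64 + "." + _json_b64(claims) + "." + sig_b64


def forge_alg_none(token: str, **changes) -> str:
    """Simulate a client swapping the header to alg 'none' and dropping the signature."""
    _, payload_b64, _ = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims.update(changes)
    return _json_b64({"alg": "none", "typ": "JWT"}) + "." + _json_b64(claims) + "."


if __name__ == "__main__":
    # Constructed sample claims with fixed timestamps so the run is reproducible.
    claims = {"sub": "1234567890", "name": "Ada Lovelace", "iat": 1700000000, "exp": 1700003600}
    tok = mint_token(claims)
    print("token:", tok)
    print("decoded without verification:", decode_unverified(tok))
    print("valid at issue+100s:", token_status(tok, now=1700000100))
    print("after exp:", token_status(tok, now=1700003600))
    print("payload edited, old signature:", token_status(tamper_payload(tok, sub="1"), now=1700000100))
    print("alg swapped to none:", token_status(forge_alg_none(tok, sub="1"), now=1700000100))
```

Paste the printed token into JWT.IO and it will decode the header and payload just as decode_unverified does, which is the point of the payload caveat above: base64url is readable by anyone, and only verify_token, holding the secret, can tell an issued token from an edited one.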