Ganesh Joshi

JWT structure

Updated 2026-02-15

JWT header, payload, and signature. Claims, signing algorithms, and verification basics.

Parts

Header (alg, typ). Payload (claims: sub, iat, exp, etc.). Signature = sign(base64url(header) + "." + base64url(payload), secret). Token = header.payload.signature, each part base64url-encoded.

Verify and use

Decode the payload (base64url decode); verify the signature with the same alg and secret that were used to sign. Never put secrets in the payload: it is only signed, not encrypted. exp = expiry, iat = issued at.
