Recently I started working with JWT-based authentication. After a user logs in, a token is generated for that user, which looks like this:
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ".
It consists of three parts separated by dots (.). The first part is the header, which is Base64url encoded (the URL-safe Base64 alphabet, with the trailing "=" padding removed). After decoding we get something like:
{
"alg": "HS256", //Algorithm used
"typ": "JWT"
}
The second part is the claims (the payload), also Base64url encoded. After decoding we get something like:
{
"sub": "1234567890",
"name": "John Doe",
"admin": true
}
The third part is the signature, which is computed over the first two parts as:
HMACSHA256(
base64UrlEncode(heade
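To make the three-part structure and the HS256 signature check concrete, here is an added example in Python (not code from the original page). It decodes the sample token above without verifying it, mints and verifies an HS256 token under a caller-supplied secret, and shows two forgeries a verifier must reject: edited claims with the old signature, and a header rewritten to "alg":"none". The secret b"k" and the claims used in the demo are constructed; the page does not state the secret behind its sample token, and the helper names are my own.

```python
import base64
import hashlib
import hmac
import json

# The sample token from the text above (header.claims.signature).
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9."
    "TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ"
)


def b64url_encode(raw: bytes) -> str:
    """JWT uses the URL-safe alphabet and strips the '=' padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the padding that JWT strips, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_unverified(token: str):
    """Split and decode header and claims WITHOUT checking the signature.
    Only for inspection: nothing returned here may be trusted."""
    header_b64, claims_b64, _sig_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(claims_b64))


def hs256_signature(header_b64: str, claims_b64: str, secret: bytes) -> str:
    """The third part: HMAC-SHA256 over 'header.claims', base64url encoded."""
    signing_input = f"{header_b64}.{claims_b64}".encode("ascii")
    return b64url_encode(hmac.new(secret, signing_input, hashlib.sha256).digest())


def _compact(obj) -> bytes:
    """Compact JSON (no whitespace), as JWT libraries emit it."""
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def mint_hs256(claims: dict, secret: bytes) -> str:
    """Build header.claims.signature for the given claims."""
    header_b64 = b64url_encode(_compact({"alg": "HS256", "typ": "JWT"}))
    claims_b64 = b64url_encode(_compact(claims))
    return f"{header_b64}.{claims_b64}.{hs256_signature(header_b64, claims_b64, secret)}"


def verify_hs256(token: str, secret: bytes):
    """Return the claims if `token` is a valid HS256 JWT under `secret`, else None.
    The algorithm is pinned by the verifier, not read from the token: a header
    claiming "alg":"none" (or any algorithm other than the one we expect) is rejected
    before any signature math happens."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    expected = hs256_signature(header_b64, claims_b64, secret)
    # Constant-time comparison so a byte-by-byte timing leak cannot help a forger.
    if not hmac.compare_digest(expected.encode("ascii"), sig_b64.encode("utf-8")):
        return None
    try:
        return json.loads(b64url_decode(claims_b64))
    except ValueError:
        return None


def tamper_claims(token: str, **changes) -> str:
    """Attacker move: edit the claims but keep the original signature."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(claims_b64))
    claims.update(changes)
    return f"{header_b64}.{b64url_encode(_compact(claims))}.{sig_b64}"


def forge_alg_none(token: str) -> str:
    """Attacker move: rewrite the header to "alg":"none" and drop the signature."""
    _header_b64, claims_b64, _sig_b64 = token.split(".")
    return f"{b64url_encode(_compact({'alg': 'none', 'typ': 'JWT'}))}.{claims_b64}."


if __name__ == "__main__":
    print(decode_unverified(SAMPLE_TOKEN))
    secret = b"k"  # constructed demo secret, not the one behind SAMPLE_TOKEN
    token = mint_hs256({"sub": "42", "admin": False}, secret)
    print(verify_hs256(token, secret))
    print(verify_hs256(tamper_claims(token, admin=True), secret))
    print(verify_hs256(forge_alg_none(token), secret))
```

Two points the example makes that the description above does not: decode_unverified is the only thing you can do without the secret, and its output must never drive an authorization decision; and verify_hs256 decides the algorithm itself instead of honouring whatever the header says, because the header is attacker-controlled input until the signature has been checked. If you know the secret used to sign the sample token, verify_hs256(SAMPLE_TOKEN, secret) returns its claims; with any other secret it returns None.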