JWT, yaani JSON Web Token, ek compact, self-contained way hoti hai data ko transmit karne ka. Yeh ek open standard (RFC 7519) hai, jo information ko securely JSON format mein encode karne ke liye use hota hai. JWT ek string hoti hai jo client aur server ke beech information exchange mein use hoti hai.
JWT ka structure typically teen parts mein hota hai, jo base64url encoding ke zariye combine kiye jate hain:
1. Header: Header part JSON format mein hota hai aur typically two parameters contain karta hai:
- `alg` (Algorithm): Token ko sign karne ya verify karne ke liye use hone wala cryptographic algorithm ko specify karta hai (e.g., HMAC SHA256 or RSA).
- `typ` (Type): Token ka type hota hai, jo yeh indicate karta hai ki yeh JWT hai.
Example Header:
{
"alg": "HS256",
"typ": "JWT"
}
2. Payload: Payload part mein actual information hota hai jo share kiya jana hai. Iss part mein kuch reserved claims hote hain (e.g., `iss` for issuer, `sub` for subject, `exp` for expiration time, etc.) aur custom claims bhi include kiye ja sakte hain.
Example Payload:
{
"sub": "1234567890",
"name": "John Doe",
"exp": 1516239022
}
3. Signature: Signature part header aur payload ko combine karke, secret key ka use karke create kiya jata hai. Yeh signature verify karne ke liye server ke pass secret key hona zaroori hai.
Example Signature:
HMACSHA256(
base64UrlEncode(header) + "." +
base64UrlEncode(payload),
secret
)
