JWT Authentication and Authorization

JWT is one of those rare things that pop up every now and then and solve a real problem so elegantly that it is almost impossible to ignore; it becomes a force of its own and ends up as the industry standard. My first reaction when I discovered it was: "Golly gosh, this is cool!" However, it comes with compromises, and it forces you to think differently. In this article I will first explain how it works, then explain its advantages, and finish with how it changes your thinking. First of all, a JWT token is simply 3 JSON objects, each of which is base64 encoded, with the encoded objects separated from each other by a "." character. A typical JWT token therefore looks like this.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6I
kpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Notice the two "." characters in the above example. Also notice that I have added CR/LF sequences to the example to make it easier to read; an actual JWT token cannot contain CR/LF sequences. If you break down the above token at, for instance, jwt.io, you can see its 3 segments. These are as follows.
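As an added example (not code from the original article), the following Python does by hand what jwt.io does in the browser: it splits a compact token at the two "." characters, restores the base64url padding that JWTs omit, decodes the header and payload JSON, and verifies an HS256 signature over the first two segments. The sample token is the one shown above; the secret, the helper names (`b64url_decode`, `sign_hs256`, `verify_hs256` and so on) and the second token are constructed for this example.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json

# The token from the article, with the CR/LF sequences removed.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
)


def b64url_decode(segment: str) -> bytes:
    # JWT segments use the URL-safe alphabet ("-" and "_") and drop the "="
    # padding, so the padding has to be put back before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def split_token(token: str) -> tuple[str, str, str]:
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a compact JWT has exactly three segments")
    return parts[0], parts[1], parts[2]


def decode_unverified(token: str) -> tuple[dict, dict]:
    # Shows what sits in each segment. Nothing returned here has been
    # authenticated, so it must not be used for any decision.
    header_b64, payload_b64, _ = split_token(token)
    header = json.loads(b64url_decode(header_b64))
    payload = json.loads(b64url_decode(payload_b64))
    return header, payload


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    # Signing input is "<header>.<payload>" exactly as it appears in the token.
    header_b64 = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    payload_b64 = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(signature)}"


def verify_hs256(token: str, secret: bytes) -> dict | None:
    # Returns the payload only when the signature over the first two
    # segments matches; otherwise None.
    header_b64, payload_b64, sig_b64 = split_token(token)
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm the verifier expects instead of trusting the token's
    # own "alg" claim; a token that says "none" or another algorithm is rejected.
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak how much of the
    # signature was right.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return None
    return json.loads(b64url_decode(payload_b64))


if __name__ == "__main__":
    header, payload = decode_unverified(SAMPLE_TOKEN)
    print("header :", header)
    print("payload:", payload)

    demo_secret = b"constructed-demo-secret"  # constructed for this example
    token = sign_hs256({"alg": "HS256", "typ": "JWT"}, {"sub": "42"}, demo_secret)
    print("signed :", token)
    print("verify :", verify_hs256(token, demo_secret))
    print("wrong key:", verify_hs256(token, b"some-other-secret"))
```

Two points the decoding step makes visible: the header and payload are only encoded, not encrypted, so anyone holding the token can read them, and the payload becomes trustworthy only after `verify_hs256` has checked the signature with the issuer's secret. The verifier also fixes the algorithm in code rather than reading it from the header, which is what keeps a token's own "alg" field from dictating how it is checked.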