Looking Inside a JSON Web Token

Get to know the JSON web token in depth.

In the previous lesson, we looked at how to use the flask_extended_jwt Python package to create tokens and how to use those tokens to communicate with the Flask API.

Structure of an access token

The tokens themselves were inscrutable sequences of characters, such as:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

What does this mean? Is this just the username information encrypted? This access token looks encrypted because it’s a jumble of symbols, but it’s not. Rather, it’s just encoded, meaning that it can be decoded without requiring a secret key.

Decoding the token

The JWT website provides a debugger tool for checking the access token. We paste the string there and see what it says. It pulls out the header, the payload, and the signature. However, it’s unable to verify the signature until we enter the secret with which the token was signed. ...
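The difference between decoding and verifying, as an added example that is not part of the original lesson or of the package it uses: the code reads the lesson's token with no key, then signs and checks a separate token with `DEMO_SECRET`, a constructed secret. All function names here are this example's own, and HS256 is assumed because that is what the token's header declares.

```python
import base64, hashlib, hmac, json

# Token copied from the lesson text above.
PAGE_TOKEN = ("eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
              "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
              "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c")
DEMO_SECRET = b"constructed-demo-secret-not-for-production"  # constructed for this example

def b64url_decode(segment):
    # JWT segments are Base64URL with '=' padding stripped; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def _segment(obj):
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode())

def _mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()

def decode_unverified(token):
    """Return (header, payload) using no key at all; says nothing about authenticity."""
    header_b64, payload_b64, _signature = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))

def sign_hs256(payload, secret):
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(payload)
    return signing_input + "." + b64url_encode(_mac(signing_input, secret))

def verify_hs256(token, secret):
    """Recompute the HMAC over 'header.payload' and compare in constant time."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return False  # the verifier fixes the algorithm, not the token
        expected = _mac(header_b64 + "." + payload_b64, secret)
        return hmac.compare_digest(expected, b64url_decode(sig_b64))
    except (ValueError, AttributeError):
        return False  # malformed token: wrong segment count, bad Base64 or JSON

def swap_payload(token, new_payload):  # changes the claims, keeps the old signature
    header_b64, _old, sig_b64 = token.split(".")
    return ".".join((header_b64, _segment(new_payload), sig_b64))

if __name__ == "__main__":
    print(decode_unverified(PAGE_TOKEN))  # readable with no secret
    token = sign_hs256({"sub": "demo-user"}, DEMO_SECRET)
    print(verify_hs256(token, DEMO_SECRET), verify_hs256(swap_payload(token, {"sub": "admin"}), DEMO_SECRET))
```

Because anyone can read the payload, it should never carry secrets, and a server should act on claims only after `verify_hs256` (or the library's equivalent) succeeds.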
