JSON Web Token and its Structure
Discover what a JSON Web Token consists of.
In an SSO system that relies on OIDC and OAuth, authentication and authorization are carried out by means of a JSON Web Token (JWT), a token issued by the IdP upon successful authentication. But how exactly does it work? We will cover that in this lesson.
Raw JWT structure
A JWT consists of three encoded strings separated by dots. The diagram below shows what a typical JWT looks like. The three distinct parts of the JWT are shown in different colors.
Although this looks like a random string of characters, each part contains data presented in JSON format. This is why it's called a JSON Web Token. However, this data is encoded using Base64 encoding (specifically the URL-safe Base64url variant, with the trailing "=" padding removed). This encoding provides a reliable and consistent method for representing binary data as plain text so that it can be carried safely across different systems and protocols.
The important thing to note is that encoding is not the same as encryption. Encryption scrambles the data so that only a recipient holding a specific key can recover it; encoding transforms the data via a well-known, public formula. Encryption is performed for confidentiality, while encoding is performed for other purposes, such as standardizing the delivery format or representing the data in fewer bytes. Therefore, encoded data can be decoded by anyone, with no key required: the header and payload of a JWT are readable by whoever holds the token.
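To make the distinction concrete, here is an added example (not code from the original lesson) that builds an HS256-signed JWT from constructed header and payload values, reads the header and payload back without any key, and shows that only the signature check, not the decoding, tells you whether the claims can be trusted. The secret, issuer and subject values are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(data: bytes) -> str:
    """JWT uses the URL-safe Base64 alphabet with the '=' padding stripped."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the stripped padding (length must be a multiple of 4) before decoding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def build_hs256_jwt(header: dict, payload: dict, secret: bytes) -> str:
    """Produce header.payload.signature; the secret is needed only for the signature."""
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def decode_unverified(token: str) -> tuple:
    """Read header and payload with NO key: encoding is not encryption."""
    header_b64, payload_b64, _signature_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def verify_hs256(token: str, secret: bytes) -> bool:
    """Recompute the HMAC over header.payload; only this step makes the claims trustworthy."""
    header_b64, payload_b64, signature_b64 = token.split(".")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(expected, b64url_decode(signature_b64))


# Constructed sample values; not taken from any real IdP.
SECRET = b"constructed-demo-secret"
HEADER = {"alg": "HS256", "typ": "JWT"}
PAYLOAD = {"sub": "user-123", "iss": "https://idp.example", "exp": 1700000000}

if __name__ == "__main__":
    token = build_hs256_jwt(HEADER, PAYLOAD, SECRET)
    print(token)
    print(decode_unverified(token))  # readable without the secret
    print(verify_hs256(token, SECRET), verify_hs256(token, b"wrong-secret"))
```

A consumer that calls only `decode_unverified` and acts on the payload is trusting whatever the token bearer wrote; `verify_hs256` is what ties the claims back to the issuer.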
The three parts a JWT consists of are as follows:
Header: It provides metadata about the token.
Payload: It provides the information used for ...