JWT is self-contained and secured compared to the session ID, as it is digitally signed. JWT consists of the following building blocks:
- Header: This contains the token type and hashing algorithm
- Body: This contains the reserved or custom claims, which serves the user verification details
- Signature: This contains the cryptographic signature made out of the encoded data and private key
Here is a graphical representation of the JWT:
For more details on JWT, refer to the JWT specifications at https://tools.ietf.org/html/rfc7519.
The RFC 7523 (https://tools.ietf.org/html/rfc7523) specification details the usage of JWT for OAuth2.0 client authentication and authorization grants. OAuth2.0 will be covered in the subsequent sections.
The RFC 7523 (https://tools.ietf.org/html/rfc7523) specification details the usage of JWT for OAuth2.0 client authentication and authorization grants. OAuth2.0 will be covered in the subsequent sections.