JWT Tokens
What on Earth is JWT?
JWT is an abbreviation for JSON Web Token, which refers to a very common way of conveying small amounts of data between the browser and the server, or between information systems, in digitally signed form.
JWT tokens usually look like this: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
If you look closely, you will notice that the token has three parts separated by dots.
- First part: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
- Second part: eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ
- Third part: SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
All parts of the token are base64 encoded. Base64 is a widely used method to convert any type of data into a format consisting of 64 different characters, and back again.
Learn to hack — start here
Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.