HAKATEMIA
01Intro

JWT Tokens

Easy20MIN

What on Earth is JWT?

JWT is an abbreviation for JSON Web Token, which refers to a very common way of conveying small amounts of data between the browser and the server, or between information systems, in digitally signed form.

JWT tokens usually look like this: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

If you look closely, you will notice that the token has three parts separated by dots.

  • First part: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
  • Second part: eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ
  • Third part: SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

All parts of the token are base64 encoded. Base64 is a widely used method to convert any type of data into a format consisting of 64 different characters, and back again.

1 / 6
Hakatemia Pro

Learn to hack — start here

Hundreds of interactive courses, virtual labs and CTF challenges in your browser. Start a free trial — no card required.