JWT structure and format

Hello everybody,

today I want to describe a bit structure and format of JWT or json web tokens.

Here you can read official description.

But in my post I'll describe little bit more general information.

The two main ingredients of json web token are: header and claims.

Then if to continue each part can have the following:

  • Header
    • metadata
    • algorithms and keys used
  • Claims
    • Issuer (iss)
    • Audience (aud)
    • IssuedAt (iat)
    • Expiration (exp)
    • Subject ( sub )
    • ... application defined claims

for example it can look like this:

Header {
      "typ" : "JWT",
      "alg" : "HS256"

Claims {
      "iss" : "http://zaletskyy.com",
      "exp" : "1451919380",
      "aud" : "http://blog.zaletskyy.com",
      "sub" : "myblog",

      "client" : "blogReader",
      "scope" : ["read", "search"]


and of course it is passed as base64 encoding:

and you can use following C# code in order to generate token:

var token = new JwtSecurityToken(
                issuer : "http://zaletskyy.com",
                audience : "http://blog.zaletskyy.com",
                claims: GetClaims(),
                signingCredentials : GetCred(),
                expires: DateTime.Now.AddDays(1)
var tokenString = (new JwtSecurityTokenHandler()).WriteToken(token);

No Comments

Add a Comment