- Token-based authentication is implemented by sending a signed token (verified by the server) with each HTTP request.
- JWT tokens consist of three Base64Url-encoded parts separated by dots. The token structure is as follows:
  base64UrlEncode(header).base64UrlEncode(payload).base64UrlEncode(signature)
- The signature is created by applying the algorithm specified in the JWT header to the encoded header, encoded payload and a secret value.
- For example, when using the HMAC SHA256 algorithm the signature is created in the following way:
  HMACSHA256(base64UrlEncode(header) + "." + base64UrlEncode(payload), secret)