Understanding the payload of a JWT

JSON Web Tokens (JWTs) have become a popular way to securely transmit information between parties over the web. A JWT consists of three parts: a header, a payload, and a signature. In this article, we will focus on understanding the payload of a JWT and the information it contains.

What is the Payload?

The payload of a JWT is the part where we can include the desired claims or data. It is a Base64url-encoded JSON object made up of key-value pairs. The payload can contain public claims, which are a set of predefined claims that are not mandatory but recommended to be supported by JWT implementations for interoperability. Additionally, you can include private claims, which are custom claims defined by the parties involved in the token exchange.

Common JWT Claims

JWT claims can provide various pieces of information about the token or the subject (user) of the token. Here are some common claims used in JWT payloads:

Private Claims

In addition to the standard claims, JWT allows for the inclusion of private claims specific to your application or needs. These claims can provide any additional information you want to associate with the token. It is important to ensure that private claims do not clash with standard claims to avoid conflicting interpretations.

Example Payload

Here is an example payload of a JWT:

{
  "iss": "example.com",
  "sub": "user123",
  "exp": 1623811200,
  "customClaim": "someValue"
}

In this example, the JWT payload includes the issuer, subject, expiration time, and a custom claim called “customClaim” with a value of “someValue”.
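
The payload above can be read by anyone holding the token, because it is only encoded, not encrypted, so a consumer has to verify the signature before relying on any claim. The following Python sketch is an added example, not code from the original article: it decodes the example payload without a key, then checks an HS256 signature, iss and exp. The HS256 algorithm, the demo key and all function names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    # JWT segments drop '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def make_token(payload: dict, key: bytes) -> str:
    """Build an HS256 token (sample-data helper for this example)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode())
        for p in (header, payload))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def peek_payload(token: str) -> dict:
    """Decode the payload with no key: readable by anyone, trusted by no one."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_claims(token: str, key: bytes, issuer: str, now: int) -> dict:
    """Check the signature first, then the iss and exp claims."""
    try:
        head_seg, body_seg, sig_seg = token.split(".")
        header = json.loads(b64url_decode(head_seg))
        sig = b64url_decode(sig_seg)
    except ValueError as e:
        raise ValueError("malformed token") from e
    if header.get("alg") != "HS256":  # pin the algorithm the verifier expects
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_seg}.{body_seg}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_seg))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("expired")
    return claims

# Constructed sample data: the article's example payload and a demo key.
KEY = b"constructed-demo-key"
PAYLOAD = {"iss": "example.com", "sub": "user123", "exp": 1623811200, "customClaim": "someValue"}
TOKEN = make_token(PAYLOAD, KEY)
```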

Conclusion

Understanding the payload of a JWT is essential to work with JSON Web Tokens effectively. Whether you are using standard claims or adding custom claims, the payload allows you to include relevant information for secure token exchange. By decoding the payload, you can access and verify the claims contained within the token, enabling secure communication between parties.
