The Contents of a JWT
In the previous exercise, during step 7, we requested a token from the server and saved the value to our local Terminal session. For the exercise to have worked, the JWT should have the three parts separated by a period. If we take the JWT that was returned from our
echo $TOKEN command and put it into the website jwt.io, we can look at the contents of the JWT more closely.
Additionally, paste your secret value into the bottom-right corner of the GUI, which should display Signature Verified in the bottom-left corner. This tells us that the JWT being viewed was created using the private signature:
Figure 4.22: Showing JWT.io with JWT data
The JWT website allows us to easily visualize what the three sections of the JWT represent. The first section in red is the header, that is, information that describes the encoding standard used. The purple section is the payload – it contains the data that was verified by the server when the...