A JWT has three parts:

Header
Payload
Signature

The header includes the signing algorithm and the token type, e.g.:

{ "alg" : "HS256", "typ" : "JWT" }

The signature is created by base64url-encoding the header and the payload and concatenating them with a period (.) as a separator; this string is what gets signed.

To verify a token, take its signature and decode it from base64, take the algorithm from the header, and generate the signature for the base64-encoded header + '.' + base64-encoded payload. If the received and calculated signatures match, nobody has tampered with the JWT.

- Mayank Gupta
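The verification steps described above, as an added Python example (not code from the original post). The shared secret, the function names and the allowlist of accepted algorithms are assumptions; the allowlist means the `alg` value read from the header is honoured only if the verifier already expects it.

```python
import base64, hashlib, hmac, json

# Constructed sample key: the post does not mention one, but HS256 (HMAC-SHA256) needs a shared secret.
SECRET = b"example-shared-secret"
# Assumption: the verifier accepts only algorithms it already expects, never whatever the header names.
ALLOWED = {"HS256": hashlib.sha256}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: dict, payload: dict, key: bytes) -> str:
    """Build base64url(header) + '.' + base64url(payload) + '.' + base64url(signature)."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    mac = hmac.new(key, ".".join(parts).encode("ascii"), ALLOWED[header["alg"]]).digest()
    return ".".join(parts + [b64url_encode(mac)])

def verify(token: str, key: bytes):
    """Return the payload dict if the recomputed signature matches, else None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        digest = ALLOWED.get(header.get("alg"))
        if digest is None:  # unknown or "none" algorithm: reject
            return None
        # Recompute the signature over the encoded header and payload exactly as received.
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), digest).digest()
        received = b64url_decode(sig_b64)
        if not hmac.compare_digest(received, expected):  # constant-time comparison
            return None
        return json.loads(b64url_decode(payload_b64))
    except (ValueError, AttributeError, TypeError):
        # Wrong number of parts, bad base64, bad JSON, or a header that is not an object.
        return None

if __name__ == "__main__":
    token = sign({"alg": "HS256", "typ": "JWT"}, {"sub": "alice", "admin": False}, SECRET)
    print(token)
    print(verify(token, SECRET))
```
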
Mayank Gupta's blog contains posts related to important programming and web development concepts, issues and solutions.