Structure
Header: alg + typ. Payload: claims (sub, exp, iat, iss, aud). Signature: HMAC (HS256) or RSA/ECDSA (RS256/ES256) over base64url(header) + "." + base64url(payload); the three base64url parts are joined with ".".
Common attacks
alg=none: unsigned token accepted if the library honours the header's alg and skips verification. Key confusion: server expects RS256 but accepts alg=HS256, so its RSA public key (which is not secret) gets used as the HMAC secret. Weak HMAC secrets → offline brute-force of the signature.
Best practices
Explicit alg allowlist on the verifier (never trust the header's alg). Short expiry; always check exp. Verify iss/aud against expected values. Rotate signing keys. HTTPS transport.