🔑JWT & Auth

Standard JWT Access Token

Structure for a typical JSON Web Token used for API authorization.

Explanation

Access tokens contain claims about the user and their permissions, allowing the server to authorize requests without querying the database every time.

Examples

Payload Example

{ "sub": "1234567890", "name": "John Doe", "iat": 1516239022 }

Code Examples

JWT Payload
{
  "sub": "user_123",
  "name": "Jane Smith",
  "email": "jane@example.com",
  "role": "admin",
  "iat": 1705069800,
  "exp": 1705073400,
  "iss": "vaima-auth-server"
}

💡 Tips

  • sub (Subject) is usually the unique User ID
  • exp (Expiration) should be short-lived for security
  • Avoid putting sensitive data like passwords in the payload

⚠️ Common Pitfalls

  • JWTs are only base64url-encoded and signed, not encrypted, by default. Anyone holding the token can read the payload without the key.
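The following is an added example, not code from the original page: it shows that the payload above can be read without any key, and what a server must check before trusting the claims (signature, pinned alg, iss, exp). The secret and the constructed payload are assumptions for the demo; a real service would use a library such as PyJWT and pull the key from a secrets manager.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret (assumption); never hard-code a real signing key.
SECRET = b"demo-secret-not-for-production"

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature for an HS256 token (compact JWS)."""
    header = {"alg": "HS256", "typ": "JWT"}
    enc = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"

def read_payload_unverified(token: str) -> dict:
    """Decoding only: no key is needed, which is why secrets must never go in the payload."""
    return json.loads(_b64url_decode(token.split(".")[1]))

def verify_hs256(token: str, secret: bytes, issuer: str, now=None) -> dict:
    """Return the claims only if signature, alg, iss and exp all check out."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Pin the algorithm server-side; never let the token's own alg claim choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p))
    if payload.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if not isinstance(payload.get("exp"), int) or now >= payload["exp"]:
        raise ValueError("token expired or exp missing")
    return payload
```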