Security11 min read
JWT Structure Decoded: Header, Payload, and Signature
A JWT is three Base64URL parts joined by dots — header.payload.signature. The first two are only encoded (anyone can read them); the signature makes it tamper-evident.
M H Tawfik