JSON Web Token Basics

A JSON Web Token (JWT) is split into three parts: the header, body, and signature. This lets small pieces of information be transmitted securely between parties; the integrity of that information is enforced by the signature. The most common uses for JWTs are authorization and information transfer.

Structure of JWTs

Each section of a JSON Web Token is individually Base64Url encoded, and the three sections are joined with periods: {header.body.signature}

HEADER

The most important piece of information in the header is the algorithm used for the signature. The main algorithms supported are:

Additional information that may appear in the header includes:

The Key Identifier contains a value that can be used to look up the key for the signature. This value can expose two different vulnerabilities: SQL injection and file traversal. These will be discussed in more detail in the walkthrough section.
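The following is an added example, not code from the original page: it builds and verifies an HS256 token from the three Base64Url sections described above, enforces a server-side algorithm allow-list instead of trusting the header's algorithm, and resolves the Key Identifier (assumed to be the standard `kid` header field) against an in-memory keyring rather than a file path or database query. The key name and secret are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo keyring: kid -> shared secret. Looking kid up in a fixed
# mapping means an attacker-controlled kid can never become a file path or
# a SQL fragment; unknown identifiers simply fail the lookup.
KEYRING = {"key-2024": b"constructed-demo-secret"}
# The server, not the token, decides which signature algorithms are acceptable.
ALLOWED_ALGS = {"HS256"}


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    # Base64Url sections are sent without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_hs256_jwt(header: dict, body: dict, secret: bytes) -> str:
    """Produce header.body.signature, each section Base64Url encoded."""
    compact = lambda obj: b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(body)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str):
    """Return the decoded body if the signature checks out, otherwise None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, body_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        body = json.loads(b64url_decode(body_b64))
        provided_sig = b64url_decode(sig_b64)
    except ValueError:  # covers bad Base64, bad UTF-8 and bad JSON
        return None
    if header.get("alg") not in ALLOWED_ALGS:
        return None
    key = KEYRING.get(header.get("kid"))
    if key is None:
        return None
    expected = hmac.new(key, f"{header_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    # Constant-time comparison: the signature binds header and body together.
    return body if hmac.compare_digest(expected, provided_sig) else None
```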

BODY