JWT Cheatsheet

JWT claims reference with algorithm comparison. Quick lookup for JSON Web Token development.

iss

Issuer — identifies the principal that issued the JWT

"iss": "https://auth.example.com"
sub

Subject — identifies the principal that is the subject of the JWT

"sub": "user-12345"
aud

Audience — identifies the recipients the JWT is intended for

"aud": "https://api.example.com"
exp

Expiration Time — time after which the JWT must not be accepted (Unix timestamp)

"exp": 1700000000
nbf

Not Before — time before which the JWT must not be accepted (Unix timestamp)

"nbf": 1699900000
iat

Issued At — time at which the JWT was issued (Unix timestamp)

"iat": 1699900000
jti

JWT ID — unique identifier for the JWT, used to prevent replay attacks

"jti": "abc-123-def-456"
name

Full name of the user (OpenID Connect)

"name": "Jane Doe"
email

Email address of the user (OpenID Connect)

"email": "jane@example.com"
roles

Custom claim for user roles (not standard, but common)

"roles": ["admin", "editor"]
scope

OAuth 2.0 scopes granted to the token

"scope": "read write"
typ

Token type (JOSE header parameter, not a payload claim)

"typ": "JWT"
alg

Algorithm used to sign the token (required header parameter)

"alg": "HS256"
kid

Key ID — hint for which key was used to sign (header parameter)

"kid": "key-2024-01"
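As an added example, not part of this cheatsheet, a minimal Python verifier that enforces the entries above: alg is pinned to an allowlist before the signature is checked, kid selects the verification key, exp and nbf bound the validity window, iss and aud are matched, and jti is tracked so an accepted token cannot be replayed. The HS256 key, the seen-jti set and the claim values are constructed for the demo, and mint_hs256 exists only to produce a test token.

```python
import base64, hashlib, hmac, json

ALLOWED_ALGS = {"HS256"}  # allowlist; the token's own alg header is never trusted by itself

def b64url_decode(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64url_encode(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_hs256(payload, key, kid="key-2024-01"):  # constructed issuer, for the demo only
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    parts = [b64url_encode(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload)]
    sig = hmac.new(key, ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(sig)])

def verify(token, keys, issuer, audience, seen_jti, now, leeway=30):
    """Return the payload if every check passes, else raise ValueError. `now` is Unix time."""
    try:
        h64, p64, s64 = token.split(".")
        header, payload = json.loads(b64url_decode(h64)), json.loads(b64url_decode(p64))
        if not (isinstance(header, dict) and isinstance(payload, dict)): raise ValueError
    except ValueError:  # wrong part count, bad base64url, bad JSON or non-object parts
        raise ValueError("malformed token")
    if header.get("alg") not in ALLOWED_ALGS:  # alg: allowlist first, before any signature work
        raise ValueError("alg not allowed")  # rejects "none" and algorithm swaps
    if (key := keys.get(header.get("kid"))) is None:  # kid: picks the key; unknown kid fails closed
        raise ValueError("unknown kid")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):  # constant-time compare
        raise ValueError("bad signature")
    # exp / nbf: enforce the validity window, allowing a little clock skew
    if "exp" not in payload or now > payload["exp"] + leeway:
        raise ValueError("expired or missing exp")
    if now < payload.get("nbf", 0) - leeway:
        raise ValueError("not yet valid")
    # iss / aud: issued by our IdP and addressed to this service (aud may be a string or a list)
    if payload.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = payload.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    # jti: remember accepted IDs so the same token cannot be presented twice
    if (jti := payload.get("jti")) is None or jti in seen_jti:
        raise ValueError("missing or replayed jti")
    seen_jti.add(jti)
    return payload

def outcome(*args, **kwargs):  # "ok" or the rejection reason; handy for tests
    try:
        verify(*args, **kwargs)
        return "ok"
    except ValueError as e:
        return str(e)
```

In production the seen-jti store must be shared across verifier instances and expire entries once the token's exp has passed.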