JWT consists of three parts: header, payload, and signature. In the header, we define the encryption algorithm HMAC sha256.
Finally generated token = header_base64 . payload_base64 . signature_encryption .
The hmac here is an irreversible algorithm. How is it possible to parse the original information (such as the expiration time in the payload) from the token for judgment.
I don’t know where I misunderstood JWT.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
You misunderstood. In fact, the encryption process is signature.
If the signature calculation is inconsistent, it is considered that the token has been tampered with. In fact, the first two fields are not encrypted, just base64
JWT uses . to connect all values. . . The signature is determined by the backend to determine whether it has been tampered with, and the information is in the header and payload