I saw that a JWT token consists of A-Z, a-z, 0-9 and the special characters - and _. I want to know the list of characters that are allowed in a JWT token.
This first JWT had a body approximately 180 characters in length; the total encoded token length was between 300 and 600, depending on the signing algorithm used. The next JWT payload was of approximately 1800 characters, so ten times the size of the previous token.
If the token is signed it will have three sections: the header, the payload and the signature. If the token is encrypted it will consist of five parts: the header, the encrypted key, the initialization vector, the ciphertext (payload) and the authentication tag.
JSON Web Token (JWT) is a compact token format intended for space constrained environments such as HTTP Authorization headers and URI query parameters. JWTs encode claims to be transmitted as a JSON object (as defined in RFC 4627 [RFC4627]) that is base64url encoded and digitally signed and/or encrypted.
From the JWT introduction: “The output is three Base64-URL strings separated by dots”.
Base64 has a number of different variants depending on where the encoding will be used. Typical MIME base64 will use +/ as the final two characters, but Base64-URL (RFC 4648 §5) is intended to be used in URLs and filenames, so uses -_ instead.
Therefore a JWT will use the characters a–z, A–Z, 0–9, and "-", "_" and ".". Or, as a regular expression:
[a-zA-Z0-9-_.]+
If you want to improve on the regex to match the format described:
^[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+\.[a-zA-Z0-9-_]+$
Depending on your flavour of regex, \w should match [a-zA-Z0-9_] so you might be able to make this look a bit neater:
^[\w-]+\.[\w-]+\.[\w-]+$
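An added example, not part of the original answer: in Python, the `\w` form above also accepts non-ASCII letters and a trailing newline, so this sketch checks each part against the explicit base64url alphabet and confirms the header decodes to JSON. The names `classify_token`, `LOOSE`, `SEGMENT` and `SAMPLE` are made up for this example, the sample token is constructed, and only the structure is checked (no signature verification or decryption).

```python
import base64
import json
import re

# The answer's \w regex, compiled with Python's defaults (other flavours differ).
LOOSE = re.compile(r"^[\w-]+\.[\w-]+\.[\w-]+$")
# Explicit base64url alphabet (RFC 4648 §5), applied with fullmatch().
SEGMENT = re.compile(r"[A-Za-z0-9_-]+")


def b64url_encode(raw: bytes) -> str:
    """Base64url without '=' padding, as used in compact tokens."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Restore the stripped padding, then decode (bad input -> ValueError)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def classify_token(token: str) -> str:
    """Return 'JWS' (3 parts) or 'JWE' (5 parts); raise ValueError otherwise."""
    # Assumption of this example: like the regexes above, no part may be empty.
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise ValueError("expected 3 or 5 dot-separated parts")
    if not all(SEGMENT.fullmatch(p) for p in parts):
        raise ValueError("part is empty or outside the base64url alphabet")
    header = json.loads(b64url_decode(parts[0]))  # bad UTF-8/JSON -> ValueError
    if not isinstance(header, dict) or "alg" not in header:
        raise ValueError("header is not a JSON object with 'alg'")
    return "JWS" if len(parts) == 3 else "JWE"


# Constructed sample token; the signature bytes are a placeholder, not a real MAC.
SAMPLE = ".".join([
    b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps({"sub": "constructed-user"}).encode()),
    b64url_encode(b"constructed-signature-bytes"),
])

if __name__ == "__main__":
    for candidate in (SAMPLE, SAMPLE + "\n", "\u00e9.\u00e9.\u00e9", "abc.def.ghi"):
        try:
            verdict = classify_token(candidate)
        except ValueError as exc:
            verdict = f"rejected: {exc}"
        print(repr(candidate[-12:]), "loose:", bool(LOOSE.match(candidate)), "strict:", verdict)
```

Compiling the `\w` pattern with `re.ASCII` and calling `fullmatch()` instead of relying on `^...$` closes both gaps in the regex itself.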