Challenge - 5 Problems
JWT Mastery Badge
Get all challenges correct to earn this badge!
Test your skills under time pressure!
❓ component_behavior
intermediate1:30remaining
What does the JWT header typically contain?
In a JWT token, the header part is a JSON object. What information does it usually hold?
Attempts:
2 left
💡 Hint
Think about what the system needs to know to verify the token's signature.
✗ Incorrect
The JWT header contains metadata about the token, mainly the signing algorithm (e.g., HS256) and the token type (usually 'JWT').
❓ component_behavior
intermediate1:30remaining
What is stored in the JWT payload?
The payload section of a JWT contains claims. What kind of information is typically stored here?
Attempts:
2 left
💡 Hint
Think about what data the server wants to share securely with the client.
✗ Incorrect
The payload contains claims such as user ID, roles, and token expiration time.
📝 Syntax
advanced1:30remaining
What is the correct order of JWT parts?
A JWT token is made of three parts separated by dots. What is the correct order of these parts?
Attempts:
2 left
💡 Hint
Remember the token looks like three base64 strings separated by dots.
✗ Incorrect
The JWT format is: base64UrlEncode(header).base64UrlEncode(payload).base64UrlEncode(signature).
🔧 Debug
advanced2:00remaining
Why does this JWT signature verification fail?
Given a JWT token, the signature verification fails in Spring Boot. Which of these is the most likely cause?
Attempts:
2 left
💡 Hint
Think about what must match exactly to verify a signature.
✗ Incorrect
Signature verification requires the same secret key used for signing. If keys differ, verification fails.
🧠 Conceptual
expert2:00remaining
What is the role of the JWT signature?
Why is the signature part important in a JWT token?
Attempts:
2 left
💡 Hint
Think about how the server trusts the token's data.
✗ Incorrect
The signature is created by signing the header and payload with a secret key. It helps verify the token's integrity and authenticity.