JWT Access Token

The decoded access token is comprised of three parts separated by dots: 


Component Description
JWT header A JSON object containing the JWT protocol identifier and the signature scheme. The header is converted to a JavaScript Object Signing and Encryption (JOSE) header as UTF-8 octets and then encoded as a Base64 string. Example: CODEBLOCK { "typ":"JWT", "alg":"HS256" } CODEBLOCK END
JWT payload A JSON object that contains the JWT claims set (asserted information about the user) or other information. Encoded as a Base64 string. The DNN JWT claims set includes the following:
  • is the session id, which is fixed for the lifetime of the renewal token.
  • is the list of roles assigned to the user. Used in authorization to determine which areas of the site the user can access.
  • is the portal alias of the site that issued the token.
  • is the expiration time of the access token. The token is rejected after this time (plus a small grace period). Expressed as Unix time.
  • is the "not-before" time. The token is rejected before this time. Expressed as Unix time.
Example: CODE BLOCK { "sid":"eecb9bf34bbb4c8eb87dbba3aa1523c6", "role":["Administrators","Registered Users","Subscribers"], "iss":"testsitece.lvh.me", "exp":1450834762, "nbf":1450830862 } CODEBLOCK END
JWT signature The hash/encryption of the header and payload. The encryption method is stated in the header. Encoded as a Base64 string.

The new access token is valid for one hour.



  • DNN Platform
  • Evoq Content
  • Evoq Engage


Parent Topic

Related Tasks

Related Information



Please sign in to leave a comment.