Top JWT (JSON Web Token) Interview Interview Questions (2021) | CodeUsingJava

Most frequently asked JWT (JSON Web Token) Interview Questions

  1. What is JWT?
  2. What is the structure of JWT?
  3. Why should we use JWT Tokens?
  4. How to destroy JWT Tokens on logout?
  5. What is a Hashing function?
  6. How can we Use multiple JWT Bearer Authentication?
  7. Name the languages that supports JWT?
  8. How long is JWT token valid?

What is JWT?

JWT securely transmit trusted information between parties in a compact way.This information can be verified when its been digitally signed, it also holds all users claim likw authorization information so its service provider does not need to access the database.It can be signed or encrypted easily.
JWT tokens hold claims that can be encoded as a Json object and are digitally signed by using a private or public key as they are self contained and verifiable as they are digitally signed.

What is the structure of JWT?

JWT is divided into 3 parts:


Header is represented as a JSON object which is encoded to a baseURL.
Payload contains actual data to be transferred using token.It is also called claims.
There are 3 types of Payload:Registered, Public, Private.
Signature is used for verification of the message that was not changed along the way.It is created for using the encoded header, payload, and the algorithm specified in the header.

Why should we use JWT Tokens?

Features of JWT are below:
  • Information Exchange - JWT is good and secure in exchanging information between parties as they can be signed.
  • Easier to process - It used at internet scale, as it is easier to process on users device.
  • More compact - JWT is a smaller token than SAML token, this makes JWT a good choice to be passed in HTML and HTTP environments.
  • Authentication - ID token is always JWT token.
  • Authorization - JWT is widely used for authorization because of the overhead of the format and its ability to easily be used across different domains.
Why use JSON Web Token

How to destroy JWT Tokens on logout?

We can destroy the tokens by deleting the cookie at client side, we also need to invalidate the token from server side before its expiration time.

What is a Hashing function?

Hashing function has lots of practical useful use cases like digital signatures.It helps to enable us to produce a verifiable signature.
Hashing has 4 functions:
Irreversibility - This function is effectively irreversible.
Reproducible - By using we can always validate a given output and can easily reproduce the calculation.
No Collisions - By using fuction we cab get back the exact same result.
Unpredictability - Using this function we can guess the input using a successive incremental method.

How can we Use multiple JWT Bearer Authentication?

We can use multiple JWT bearer authentication by using the following code:
    .AddJwtBearer("Firebase", options =>
        options.Authority = ""
        options.TokenValidationParameters = new TokenValidationParameters
            ValidateIssuer = true,
            ValidIssuer = "my-firebase-project"
            ValidateAudience = true,
            ValidAudience = "my-firebase-project"
            ValidateLifetime = true
    .AddJwtBearer("Custom", options =>
        // Configuration for your custom
        // JWT tokens here

    .AddAuthorization(options =>
        options.DefaultPolicy = new AuthorizationPolicyBuilder()
            .AddAuthenticationSchemes("Firebase", "Custom")

Name the languages that supports JWT?

pyjwt (Python)
jsonwebtoken (Node.js)
java-jwt (Java)
ruby-jwt (Ruby)
jwt-go (Go)

How long is JWT token valid?

JWT access tokens for a finite period of time.JWT tokens are valid till 1200 seconds or 2 minutes.

How to implement Spring Boot + JWT?

Spring Boot + JSON Web Token (JWT)(2021) Hello World Example