🔑 OAuth 2.0 Flow

// Authorization Code Flow — the secure standard used by "Login with Google/GitHub"

👤
User
wants to log in
🖥
Your App
waiting
🔐
Auth Server
(e.g. Google)
☁️
Resource API
protected

🔍 What's Inside a JWT (Access Token)?

eyJhbGciOiJSUzI1NiJ9 . eyJzdWIiOiJ1c2VyMTIzIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIn0 . SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c
Header (algorithm)
alg: "RS256"
typ: "JWT"
Payload (claims)
sub: "user123"
email: "user@ex.com"
exp: 1735689600
iat: 1735686000
Signature (trust)
HMAC_SHA256(
 base64(header) +
 "." + base64(payload),
 SECRET_KEY
)