Frequently asked JWT Interview Questions (2021)

Most Frequently asked JWT Interview Questions (2021)

In this post, questions of JWT Interviews will be answered for Experienced and Freshers. We're trying to share our experience and learn how to help you make progress in your career.

Spring Boot Security Interview Questions:

  1. Spring Security Interview Questions
  2. OAuth2.0 Interview Questions
  3. JWT Interview Questions
  4. SAML Interview Questions

Q: What is JWT? How to implement?

JSON Web Token (JWT) is an open standard (RFC 7519) that specifies a compact and self-contained way of transmitting information securely as a JSON object between parties. This information can be verified and trusted as it has been digitally signed. It can also hold all the user's claim, like authorization information, so that the service provider does not need to access the database to validate user roles and permissions for each request; data is extracted from the token.

Refer Spring Boot Security + JWT (JSON Web Token) Authentication Example for implementation.

Q: What is Workflow of JWT?

JWT Workflow

  • Customers sign in by submitting their credentials to the provider.
  • Upon successful authentication, it generates JWT containing user details and privileges for accessing the services and sets the JWT expiry date in payload.
  • The server signs and encrypts the JWT if necessary and sends it to the client as a response with credentials to the initial request.
  • Based on the expiration set by the server, the customer/client stores the JWT for a restricted or infinite amount of time.
  • The client sends this JWT token in the header for all subsequent requests.
  • The client authenticates the user with this token. So we don't need the client to send the user name and password to the server during each authentication process, but only once the server sends the client a JWT.

Q: What is the structure of JWT?

JWT consists of 3 parts - Header.Payload.Signature
It generate JWT token as in the form of a.b.c which represent header.payload.signature

Refer JWT Introduction for more details.

Q: What is expiration date of JWT?

The JWT access token is only valid for a limited period of time. Using an expired JWT would cause the operation to fail. This value is normally 1200 seconds or 20 minutes.

Q: How do we specify expiration date of JWT?

private String doGenerateToken(Map<String, Object> claims, String subject) {

		return Jwts.builder().setClaims(claims).setSubject(subject).setIssuedAt(new Date(System.currentTimeMillis()))
				.setExpiration(new Date(System.currentTimeMillis() + jwtExpirationInMs)).signWith(SignatureAlgorithm.HS512, secret).compact();

Q: What are the advantages of JWT?

  1. Good Performance: JWT itself contains all information, so we don't have to go to Authorization server to get the user's information to verify whether user is valid or not.
  2. Portable: Allow to use multiple backends with single access token.
  3. It is Very Mobile Friendly, because cookies are not required.
  4. JWT contains expiration date as a claim that can be used to determine when the access token is going to expire.
  5. It's very secure way to validate the user information, as it's digitally signed.
  6. It's digitally signed, so if anyone updates it the server will know about it.
  7. It is most suitable for Microservices Architecture.
  8. It has other advantages like specifying the expiration time.

Checkout our related posts :

Q: How to implement JWT with MYSQL?

Refer Spring Boot Security + JWT (JSON Web Token) Authentication using MYSQL Example for implementation.

Q: How to implement JWT with Angular?

Refer Angular 8 + Spring Boot JWT (JSON Web Token) Authentication Example for implementation.

Recommendation for Top Popular Post :