How Signing A JWT Token Works
A JWT token consists of a header, body and signature. For the purpose of this article, let's combine the header and body and just call that the body.
The SHA-256 algorithm is a non-reversible function of the body that creates the signature. You can think of the secret as the parameterization of the function, or just another argument to the function if that's easier. Imagine for the sake of simplicity that the following function is the SHA-256 algorithm. Now obviously the inverse (f⁻¹) exists for this function, but roll with me.
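Separately from the simplified function the article uses, here is an added example (not the author's code) of what "signature = function of body and secret" looks like for a real HS256 token, where the keyed function is HMAC with SHA-256. The claims and the secret are constructed sample values, and the verifier is assumed to accept HS256 only.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding JWTs use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sign(body: str, secret: bytes) -> str:
    """Signature = keyed SHA-256 (HMAC) over the body 'header.payload'."""
    return b64url(hmac.new(secret, body.encode("utf-8"), hashlib.sha256).digest())


def make_token(claims: dict, secret: bytes) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    body = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims)
    )
    return body + "." + sign(body, secret)


def verify(token: str, secret: bytes) -> bool:
    """Recompute the signature from the body; the hash is never reversed.

    Assumes the verifier is pinned to HS256 and ignores the header's alg.
    """
    if token.count(".") != 2:
        return False
    body, signature = token.rsplit(".", 1)
    expected = sign(body, secret)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8"))


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed sample value
    token = make_token({"sub": "alice", "admin": False}, secret)
    print(token)
    print("valid with right secret:", verify(token, secret))
    print("valid with wrong secret:", verify(token, b"another-secret"))
    # Changing the body without knowing the secret leaves a stale signature.
    header, _, sig = token.split(".")
    altered = make_token({"sub": "alice", "admin": True}, b"x").split(".")[1]
    print("valid after body change:", verify(f"{header}.{altered}.{sig}", secret))
```

Verification only ever runs the function forward again over the received body and compares the result, which is why the secret, not the algorithm, is what has to stay private.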