Developer reference
JWT and HMAC Cheatsheet
Compact JWT, HMAC, hash, checksum, and token reminders for development fixtures.
JWT parts
JWTs are dot-separated Base64URL sections.
header.payload.signature HMAC input
HMAC signs a message with a shared secret.
HMAC_SHA256(secret, message) SHA checksum
Checksums verify content equality, not identity.
sha256(file or text) Bearer header
Common HTTP authorization header format.
Authorization: Bearer <token>