Add jwt image part 2 (#2853)

* include jwt image * more sprinking of the JWT diagram
FusionAuth · Jan 24, 2024 · ad2fb92 · ad2fb92
1 parent c23a2ff
commit ad2fb92
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 2 deletions.
diff --git a/astro/src/content/docs/get-started/core-concepts/authentication-authorization.mdx b/astro/src/content/docs/get-started/core-concepts/authentication-authorization.mdx
@@ -24,7 +24,11 @@ Authentication means that a user has provided credentials which the system has a
 
 Authentication occurs with users, who are scoped to the tenant. When authentication happens, if you are using the [Login API](/docs/apis/login), a `2xx` response is returned from FusionAuth. See the API documentation for the specific `2xx` value. When using an [Authorization Code grant](/docs/lifecycle/authenticate-users/oauth/), the user is redirected to the provided `redirect_uri`.
 
-In either case, the end result of the request will be a JWT containing information about the user. Here's an example:
+In either case, the end result of the request will be a JWT containing information about the user. Each JWT has a header, a payload and a signature. You can [decode JWTs using any number of online tools](/dev-tools/jwt-decoder), because it's two base 64 encoded strings joined by periods, with the signature for integrity checking. Here's a diagram of a JWT:
+
+![The components of a JWT.](/img/shared/json-web-token.png)
+
+The JWT will contain information about the user. Here's an example of the payload of a JWT for a user that has been authenticated but not authorized:
 
 <JSON title="Example JWT For an Authenticated But Not Authorized User" src="login/jwt-unauthorized.json" />
 

diff --git a/astro/src/content/docs/get-started/core-concepts/integration-points.mdx b/astro/src/content/docs/get-started/core-concepts/integration-points.mdx
@@ -47,6 +47,10 @@ When using OAuth/OIDC, there are multiple kinds of tokens: [Access Tokens, Id To
 
 These tokens can be consumed by APIs or other systems to verify that the holder of the token has been authorized by FusionAuth. [Learn more about JWTs](/learn/expert-advice/tokens/) or [decode a JWT](/learn/expert-advice/dev-tools/jwt-decoder).
 
+Each JWT has a header, a payload and a signature. Here's a diagram of a JWT:
+
+![The components of a JWT.](/img/shared/json-web-token.png)
+
 ### JWT Storage
 
 FusionAuth recommends the Authorization Code grant, where there is a server side component which exchanges the one-time use authorization code for an access token. This server side component offers a lot of flexibility when it comes to storing the JWT.

diff --git a/astro/src/content/docs/lifecycle/authenticate-users/oauth/tokens.mdx b/astro/src/content/docs/lifecycle/authenticate-users/oauth/tokens.mdx
@@ -27,9 +27,15 @@ Here's a presentation discussing how to use JWTs in a microservices architecture
 
 &nbsp;
 
+## JWT Structure
+
+With the exception of the refresh token, each token described here is a JSON Web Token (JWT) and each JWT has a header, a payload and a signature. You can [decode JWTs using any number of online tools](/dev-tools/jwt-decoder), because it's two base 64 encoded strings joined by periods, with the signature for integrity checking.
+
+![The components of a JWT.](/img/shared/json-web-token.png)
+
 ## Header
 
-With the exception of the refresh token, each token described here is a JSON Web Token (JWT) and each JWT has a header, a payload and a signature. The following describes the claims found in the JWT header.
+The following describes the claims found in the JWT header.
 
 <APIBlock>
   <APIField name="gty" since="1.36.0" type="Array<String>">