What key elements do JSON web tokens (JWTs) contain?


JSON Web Tokens (JWTs) are an open standard for securely transmitting information as a JSON object. The core structure of a JWT consists of three main parts: the header, the payload, and the signature.

The header typically consists of two parts: the type of the token, which is JWT, and the signing algorithm being used, such as HMAC SHA256 or RSA. This information is crucial as it helps the recipient understand how to verify the token.

The payload contains the claims, which are statements about an entity (usually the user) and additional data. This part is where you can include standard claims such as "iss" (issuer), "exp" (expiration), and custom claims relevant to your application.

The signature is created by signing the encoded header and the encoded payload with a secret key (or a private key, in the case of asymmetric algorithms). This ensures that the token has not been altered and allows the recipient to verify the authenticity of the token.

Option C accurately identifies these components: the header provides vital information about the token, the payload contains the claims being asserted, and the signature ensures the integrity and authenticity of the token. Hence, it represents the essential structure of JWTs correctly.
