How is a JWT token generated? We set the signing algorithm to be HMAC SHA256 (JWT supports multiple algorithms), then we create a buffer from this JSON-encoded object, and we encode it using base64 . The partial result is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9 .