What is JWT?

JWT (JSON Web Token) is a compact, self-contained token format used to exchange claims between systems.

Overview

JWT consists of a header, payload, and signature separated by dots. The payload stores claims such as issuer, subject, audience, expiration, and custom application data. Because the payload is only Base64URL-encoded rather than encrypted, anyone holding the token can read it; sensitive data should not be stored there unless JWE or another encryption layer is used.

Key Points

  • Protect signing keys and issued tokens: a leaked key lets anyone mint valid tokens, and a leaked token is a bearer credential.
  • Prefer current standards and well-maintained, actively patched libraries over hand-rolled token handling.
  • Validate the trust boundary on every token (signature, issuer and audience) and enforce expiration.
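The structure described in the Overview and the checks listed under Key Points, as an added example that is not part of the original page: a stdlib-only Python verifier that decodes the sample token from the Examples section without a signature check (showing that the payload is readable by anyone), then issues and verifies HS256 tokens with the algorithm pinned on the verifier side and the issuer, audience and expiration claims enforced. The key, issuer and audience values are constructed for the demo, and the function names are this example's own, not those of any library.

```python
import base64
import hashlib
import hmac
import json
import time

# The sample token from the Examples section. It is used here only to show that
# the header and payload are plain Base64URL-encoded JSON that anyone can read.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
)


class InvalidToken(Exception):
    """Raised when a token fails any signature or claim check."""


def b64url_encode(data):
    # JWT uses Base64URL without '=' padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    # Restore the padding the token omits so the standard decoder accepts it.
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded.encode("ascii"))


def decode_unverified(token):
    """Return (header, payload) WITHOUT checking the signature.

    Any holder of the token can do this, which is why the payload must never
    carry data that has to stay private."""
    header_b64, payload_b64, _signature_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def sign_hs256(claims, key):
    """Build header.payload.signature with an HMAC-SHA256 signature."""
    compact = {"separators": (",", ":")}
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, **compact).encode())
    payload_b64 = b64url_encode(json.dumps(claims, **compact).encode())
    signing_input = header_b64 + "." + payload_b64
    mac = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_hs256(token, key, issuer, audience, now=None):
    """Return the claims only if signature, issuer, audience and lifetime all check out."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("token must have exactly three segments")
    header_b64, payload_b64, signature_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm on the verifier side; never let the token choose it.
    # This rejects "none" and any algorithm this verifier was not configured for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(key, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(signature_b64)):
        raise InvalidToken("signature does not match")
    claims = json.loads(b64url_decode(payload_b64))
    if not isinstance(claims, dict):
        raise InvalidToken("payload is not a JSON object")
    now = int(time.time()) if now is None else now
    # Trust boundary: the token must come from our issuer and be addressed to us.
    if claims.get("iss") != issuer:
        raise InvalidToken("wrong issuer")
    aud = claims.get("aud")
    if aud != audience and not (isinstance(aud, list) and audience in aud):
        raise InvalidToken("wrong audience")
    # Expiration is mandatory here: a token without exp would never stop working.
    if "exp" not in claims or now >= int(claims["exp"]):
        raise InvalidToken("expired or missing exp")
    if "nbf" in claims and now < int(claims["nbf"]):
        raise InvalidToken("not yet valid")
    return claims


def is_valid(token, key, issuer, audience, now=None):
    """Accept/reject wrapper around verify_hs256; malformed input counts as reject."""
    try:
        verify_hs256(token, key, issuer, audience, now)
        return True
    except (InvalidToken, ValueError):
        return False


if __name__ == "__main__":
    # Constructed demo key and claims; a real key must be random and kept secret.
    key = b"constructed-demo-key-not-for-real-use"
    claims = {"iss": "https://issuer.example", "aud": "api.example", "sub": "42", "exp": 2000000000}
    token = sign_hs256(claims, key)
    print("sample token decodes to:", decode_unverified(SAMPLE_TOKEN))
    print("issued:", token)
    print("valid with right key:", is_valid(token, key, "https://issuer.example", "api.example"))
    print("valid with wrong key:", is_valid(token, b"other", "https://issuer.example", "api.example"))
```

Two design choices matter most: the accepted algorithm is fixed in the verifier rather than read from the header, and a token without an exp claim is rejected outright instead of being treated as valid forever. The audience check accepts either a string or a list, as the claim may be encoded either way.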

Examples

Token structure:

HEADER.PAYLOAD.SIGNATURE

Sample token (HS256):

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Decoded header (first segment of the sample token):

{
  "alg": "HS256",
  "typ": "JWT"
}

Payload carrying a custom, URL-namespaced claim (a separate example; the sample token's own payload decodes to sub, name and iat claims):

{
  "http://www.devkuma.com/": true
}