What is a JWT token?

A JSON Web Token (JWT) is a compact, URL-safe means of representing claims to be transferred between two parties.

JWT Structure:

JWTs consist of three parts separated by dots (header.payload.signature):

  1. Header: Contains the token type (JWT) and signing algorithm (e.g., HS256, RS256)
  2. Payload: Contains the claims (data) like user ID, expiration time, permissions
  3. Signature: Used to verify the token hasn't been tampered with

Common Use Cases:

  • API authentication and authorization
  • Single Sign-On (SSO) systems
  • Secure information exchange between services
  • Stateless session management
  • OAuth 2.0 and OpenID Connect

Why Use JWTs?

  • Compact: Small size makes them ideal for HTTP headers and URLs
  • Self-contained: Payload contains all necessary user information
  • Stateless: Server doesn't need to store session data
  • Cross-domain: Works across different domains and services

Example JWT: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

This encodes user information that can be decoded by anyone (the header and payload are only base64url-encoded, not encrypted) but can only be verified by those who hold the secret key.
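The three-part structure and the decode-versus-verify distinction above can be seen directly in code. The following Python script is an added example and not part of the original page: it splits the page's example token, decodes its header and payload with no key at all, and then verifies an HS256 signature using only the standard library. The verifier pins the expected algorithm instead of trusting the header's `alg` field, checks the signature with a constant-time comparison, and honours an `exp` claim if present. The secret `your-256-bit-secret` is the demonstration secret jwt.io publishes for this well-known example token; `constructed-demo-secret` and the `sub`/`role` payload in `main` are constructed for this example.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import json
import time

# The example token from the page above (jwt.io's well-known demo token).
EXAMPLE_JWT = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
)
# Demonstration secret published by jwt.io for the token above.
JWTIO_DEMO_SECRET = b"your-256-bit-secret"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment whose '=' padding was stripped, as JWT requires."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_unverified(token: str) -> tuple[dict, dict]:
    """Return (header, payload) without any key: these parts are encoded, not encrypted."""
    header_b64, payload_b64, _signature_b64 = token.split(".")
    return json.loads(b64url_decode(header_b64)), json.loads(b64url_decode(payload_b64))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Build header.payload.signature with HMAC-SHA256 over 'header.payload'."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_hs256(token: str, secret: bytes, now: int | None = None) -> dict | None:
    """Return the payload if the token is valid under `secret`, otherwise None."""
    try:
        header_b64, payload_b64, signature_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        actual = b64url_decode(signature_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    # The verifier decides which algorithm is acceptable; the header is
    # unauthenticated input and must not be allowed to choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, actual):
        return None
    try:
        payload = json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None
    now = int(time.time()) if now is None else now
    if isinstance(payload, dict) and "exp" in payload and now >= int(payload["exp"]):
        return None  # expired
    return payload


if __name__ == "__main__":
    header, payload = decode_unverified(EXAMPLE_JWT)
    print("decoded without a key:", header, payload)
    print("verified with the demo secret:", verify_hs256(EXAMPLE_JWT, JWTIO_DEMO_SECRET) is not None)
    print("verified with a wrong secret:", verify_hs256(EXAMPLE_JWT, b"not-the-secret") is not None)

    # Constructed token for this example: sign, then show that tampering breaks it.
    secret = b"constructed-demo-secret"
    token = sign_hs256({"sub": "42", "role": "user", "exp": 2_000_000_000}, secret)
    h, p, s = token.split(".")
    tampered_payload = b64url_encode(b'{"sub":"42","role":"admin","exp":2000000000}')
    print("tampered payload accepted:", verify_hs256(f"{h}.{tampered_payload}.{s}", secret) is not None)
```

Run it as a script to see both halves of the page's claim: the payload prints with no key involved, while verification succeeds only with the matching secret and fails as soon as a single payload byte changes.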
