JWT

Security

Overview

A JWT (JSON Web Token) is a URL-safe, self-contained token format made by signing a JSON set of claims.

It has three dot-separated parts — header.payload.signature — and the signature lets you verify the content's integrity and its issuer.

Details

Correct the most common misconception first: a standard JWT (JWS) is signed, not encrypted. The header and payload are merely Base64URL-encoded, so anyone can decode and read them. Never put sensitive data like passwords or national IDs in the payload. The signature guarantees 'the content wasn't tampered with and was created by an issuer holding the signing key,' not secrecy of the content (use JWE if you need real encryption).

Verification is by signature: signed with a symmetric key (HS256, shared secret) or asymmetric key (RS256/ES256, verified with a public key), and the server checks the signature plus issuer (iss), audience (aud), and expiry (exp). Notorious pitfalls include allowing `alg: none`, algorithm-confusion attacks (tricking RS256 into HS256 to misuse the public key as a secret), and skipping expiry/claim validation — so verify strictly with a library. JWT's upside is keeping no server-side state (great for scaling); its downside is that immediate revocation before expiry is hard (mitigated by short lifetimes plus refresh tokens or a blocklist). A JWT is a prototypical implementation of an access token.

Related types