JWT

Category: Security

What is JWT (JSON Web Token)?

JWT (JSON Web Token) is an open standard (RFC 7519) for creating access tokens that securely transfer information between two parties as a JSON object.

Structure of JWT

JWT consists of three parts, separated by dots:

  • Header - contains the type of token and the signing algorithm
  • Payload - contains claims (statements about the subject), the information that is transferred
  • Signature - used to verify the integrity and authenticity of the token

How does JWT work?

  1. User authenticates with credentials
  2. The server generates a JWT and sends it to the client
  3. The client uses the JWT to access protected resources
  4. The server verifies the validity of the JWT before returning data
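The three-part structure above and the issue/verify flow, worked through in code. This is an added example, not code from the original page; it uses only the Python standard library, and the secret key, claim values and clock values are constructed for illustration. The verifier pins the expected algorithm, compares the signature in constant time and checks expiry before any claim is trusted, which is the substance of step 4.

```python
"""Added example (not from the original page): a minimal HS256 JWT
issuer and verifier using only the Python standard library. The secret,
claims and clock values below are constructed for illustration."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-do-not-reuse"  # assumption: shared HMAC key


def _b64url_encode(raw: bytes) -> str:
    # JWT uses base64url without '=' padding (RFC 7515 section 2)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore the padding stripped at encoding time before decoding
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, secret: bytes, now: int, ttl: int = 300) -> str:
    """Step 2 of the flow: the server builds header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl)
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(token: str, secret: bytes, now: int) -> dict:
    """Step 4 of the flow: check structure, algorithm, signature and expiry
    before trusting any claim. Raises ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three dot-separated parts")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the expected algorithm server-side; never let the token choose it
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so verification time does not depend on
    # how many signature bytes happen to match
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    payload = json.loads(_b64url_decode(payload_b64))
    if "exp" not in payload or now >= payload["exp"]:
        raise ValueError("token expired or missing exp")
    return payload


def is_valid(token: str, secret: bytes, now: int) -> bool:
    """Boolean wrapper around verify_token for callers that only need yes/no."""
    try:
        verify_token(token, secret, now)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    t0 = int(time.time())
    tok = issue_token({"sub": "alice", "role": "reader"}, SECRET, now=t0)
    print(tok)  # header.payload.signature, three base64url parts
    print(verify_token(tok, SECRET, now=t0 + 10))
```

Because the server only needs the shared key and the clock to verify, no session record has to be kept; that is where the stateless property listed under the advantages comes from, and it is also why expiry must be enforced at verification time rather than by a server-side logout.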

Advantages

  • Stateless - the server does not store session state
  • Easy to transfer between different domains
  • Appropriate for RESTful APIs and microservices
  • Supports different signing algorithms

Usage

JWT is primarily used for:

  • Authentication
  • Authorization
  • Information exchange between partners