JWT - JSON Web Token

This lesson introduces JSON Web Tokens (JWT).

What is JWT?

A JSON Web Token (JWT) is a standard that defines a safe, compact, and self-contained way of transmitting information between a client and a server in the form of a JSON object. A JWT can either be signed (JWS) or encrypted (JWE) or both. If a JWT is neither signed nor encrypted, then it is called an insecure JWT.

JWT is one way of creating an access token. There are a few alternatives to JWT, such as Branca, PASETO, and Macaroons.

Signing a JWT protects its integrity. Other parties will still be able to see the data in the JWT, but they will not be able to modify it without invalidating the signature.

Encrypting a JWT keeps its contents secret between the two parties. Other parties will not be able to see the data, but if they change anything, we will not be able to find out.

In this lesson and in later lessons, we will discuss signed JWTs. Encrypted JWTs are a more complex topic and are out of scope for this course.
