Skip to main content

What is a JWT?

FAQ resource for your migration project.

FAQ resource for What is a JWT?.

Answer

A JSON Web Token (JWT) is a compact, URL-safe token format that carries claims as a base64url-encoded header, payload, and signature separated by dots. The signature, using HMAC or a public/private key, lets a recipient verify the token was issued by a trusted party and not altered, without a database lookup. JWTs are widely used for stateless authentication and for passing identity claims between services. Note that the payload is encoded, not encrypted, so it should never contain secrets, and tokens should be short-lived because they are hard to revoke before expiry.