JWTs

General Information

  • JSON Web Tokens (JWTs) are a standardized format for sending cryptographically signed JSON data between systems.

  • Although they can carry any kind of data, they typically carry claims, i.e., statements about a user (identity, roles, expiry). Because the token holds all the data the server needs, the server can stay stateless: the token is kept on the client side and sent back with each request instead of being looked up in a server-side session store.

  • The JWT specification itself (RFC 7519) is narrow: it defines how to represent a set of claims as a JSON object. In practice a JWT is serialized as either a JWS (JSON Web Signature, where the payload is signed but readable by anyone holding the token) or a JWE (JSON Web Encryption, where the payload is encrypted).

Structure

  • In its compact (JWS) form a JWT is three base64url-encoded segments separated by dots: header.payload.signature. The header names the algorithm (alg) and token type (typ), the payload holds the claims, and the signature covers the first two segments exactly as they appear in the token.

JWT Signature

  • The signature is computed over the encoded header and payload joined by a dot. With a symmetric algorithm such as HS256 it is an HMAC of that input; with an asymmetric algorithm such as RS256 or ES256 it is a digital signature over a hash of that input. Either way, signing is not encryption: the header and payload stay readable by anyone who holds the token.

  • In both cases producing the signature needs a key the client does not have: the shared secret for HMAC, or the private key for asymmetric schemes. That is what lets the server verify that the token data hasn't been tampered with; for asymmetric schemes, verification needs only the public key.
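The following is an added example (not code from the original page) that walks through the HS256 case described above with only the Python standard library: it base64url-encodes a header and payload, computes the HMAC over `header.payload`, assembles the compact token, and then verifies it. The key, claims and the forged "admin" payload are constructed for the demo; the verifier pins the expected algorithm instead of trusting the token's own `alg` field, which is the check a practitioner would want in place.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo key; in a real deployment only the server holds this value.
DEMO_KEY = b"demo-secret-key-not-for-production"


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWS segments require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; restores the padding that was stripped."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def hs256_sign(header: dict, payload: dict, key: bytes) -> str:
    """Build a compact JWS: base64url(header).base64url(payload).base64url(HMAC-SHA256)."""
    encoded_header = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    encoded_payload = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    signing_input = f"{encoded_header}.{encoded_payload}".encode("ascii")
    tag = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{encoded_header}.{encoded_payload}.{b64url_encode(tag)}"


def hs256_verify(token: str, key: bytes) -> Optional[dict]:
    """Return the payload if the signature is valid under `key`, otherwise None.

    The algorithm is fixed by the verifier (HS256), not read from the token, so a
    header naming any other "alg" is rejected before any HMAC is computed.
    """
    parts = token.split(".")
    if len(parts) != 3:
        return None
    encoded_header, encoded_payload, encoded_sig = parts
    try:
        header = json.loads(b64url_decode(encoded_header))
        presented = b64url_decode(encoded_sig)
    except ValueError:  # covers bad base64 and bad JSON
        return None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{encoded_header}.{encoded_payload}".encode("ascii")
    expected = hmac.new(key, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a mismatch does not leak how many bytes matched.
    if not hmac.compare_digest(expected, presented):
        return None
    try:
        return json.loads(b64url_decode(encoded_payload))
    except ValueError:
        return None


def tamper_payload(token: str, new_payload: dict) -> str:
    """Swap the payload segment without re-signing: what an attacker without the key can do."""
    encoded_header, _, encoded_sig = token.split(".")
    forged = b64url_encode(json.dumps(new_payload, separators=(",", ":")).encode())
    return f"{encoded_header}.{forged}.{encoded_sig}"


def demo() -> Tuple[bool, bool]:
    """Sign a token, confirm it verifies, then confirm a tampered copy is rejected."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": "alice", "role": "user"}  # constructed sample claims
    token = hs256_sign(header, payload, DEMO_KEY)
    genuine_ok = hs256_verify(token, DEMO_KEY) == payload
    forged = tamper_payload(token, {"sub": "alice", "role": "admin"})
    forged_rejected = hs256_verify(forged, DEMO_KEY) is None
    return genuine_ok, forged_rejected


if __name__ == "__main__":
    print(demo())  # (True, True)
```

Running the script prints `(True, True)`: the genuine token verifies, and the copy whose payload was edited to `"role": "admin"` fails because its signature no longer matches the bytes it is supposed to cover. Decoding either token's first two segments still reveals the claims in clear, which is the point of the note above that signing is not encryption.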
