🔒 Security intermediate

JWT (JSON Web Token)

Compact, URL-safe token format for securely transmitting information between parties as a JSON object.

JWTs are self-contained tokens that carry claims (user identity, permissions) in a verifiable format. A token has three parts: a header (signing algorithm and token type), a payload (claims such as sub, exp, iat), and a signature that detects tampering. The signature is computed with HMAC or RSA, so a server can verify a token without a database lookup. Common claims: sub (subject/user ID), exp (expiration), iat (issued at), iss (issuer). Because the token carries all the information the server needs, JWTs enable stateless authentication. Considerations: a token cannot be revoked before it expires (use short lifetimes), the payload is base64url-encoded but not encrypted (do not store secrets in it), and token size grows with the number of claims. JWTs are fundamental to modern auth systems.