Like a notarised letter — anyone can verify the notary's stamp, but only the notary can create it.
The auth server signs a JWT with a private key. The token includes issuer, audience, and a 15-minute expiry.
> jwt.sign({sub: 'user-123', email: 'alice@app.com', roles: ['user']})
> Algorithm: RS256 (asymmetric — public key can verify)
> Claims: iss=auth.myapp.com, aud=api.myapp.com, exp=+15min
> Token: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyLTEyMyJ9.<sig>Like a notarised letter — anyone can verify the notary's stamp, but only the notary can create it.
The auth server signs a JWT with a private key. The token includes issuer, audience, and a 15-minute expiry.
> jwt.sign({sub: 'user-123', email: 'alice@app.com', roles: ['user']})
> Algorithm: RS256 (asymmetric — public key can verify)
> Claims: iss=auth.myapp.com, aud=api.myapp.com, exp=+15min
> Token: eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ1c2VyLTEyMyJ9.<sig>Sign in to cast your vote
Sign in to share your feedback and join the discussion.