JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims between parties. A JWT carries a header, payload, and signature — signed with HMAC-SHA256 (HS256) or RSA/EC keys (RS256/ES256). Understanding the trust model is critical: the signature proves integrity, but the payload is only Base64-encoded, not encrypted.
Complete token lifecycle: login → issue → use → refresh → revoke.
Sign in to share your feedback and join the discussion.