JSON Web Tokens (JWT)
Nozibul Islam


Publish Date: Dec 9 '24

What are JSON Web Tokens (JWT)?

A JSON Web Token (JWT) is a widely used open standard designed for securely exchanging information between two parties—typically a client and a server.

Each JWT contains encoded JSON objects that include a set of claims.

These claims represent various types of data, such as user identity, permissions, or other essential details.

Structure of a JWT

A JWT is divided into three key components:

  • Header: Provides details about the type of token and the algorithm used for signing.
  • Payload: Contains the claims, which include the data to be shared.
  • Signature: Ensures the token's authenticity and guards against tampering.

Common Use Cases

  1. Authentication: JWTs are frequently used for user authentication. After a successful login, the server generates a JWT, which is included in subsequent client requests.
  2. Authorization: JWTs can store user roles and permissions, granting access to specific resources.
  3. Single Sign-On (SSO): JWTs streamline authentication across multiple systems or applications without requiring repeated logins.

Best Practices for Using JWTs

  • Set an expiration time to limit the token’s lifespan.
  • Always use HTTPS when transmitting JWTs to prevent interception.
  • Avoid embedding sensitive data in the JWT payload, as it is visible to anyone with access to the token.

🔗 Connect with me on LinkedIn:

Let’s dive deeper into the world of software engineering together! I regularly share insights on JavaScript, TypeScript, Node.js, React, Next.js, data structures, algorithms, web development, and much more. Whether you're looking to enhance your skills or collaborate on exciting topics, I’d love to connect and grow with you.


Comments 7 total

  • Jason Purdy, Dec 11, 2024

    Can you provide some more information here? Maybe an example of what a JWT looks like? And what a payload looks like. I'm puzzled by what you mean by sensitive data in the payload.

    Thanks!

    • Nozibul Islam, Dec 11, 2024

      Thanks for your comment! Apologies, but I’m unable to share more information at the moment. I’ll get back to you as soon as I can.

    • Aaron Moss, Dec 12, 2024

      A payload can be any set of data that stores information about the user, for example:

      {
        "sub": "1234567890",
        "name": "John Doe",
        "admin": true
      }

      A helpful note I found online about the JWT payload though is that for signed tokens, you should never store any sensitive information in the payload OR header elements, as they are readable by anyone.

      I suppose by sensitive data, they meant user personal info?

  • Dhaval Gojiya, Dec 14, 2024

    How is a JWT token safe? Anyone can decrypt it and can see the payload dictionary data. There is an online tool available to decrypt tokens, and it shows the payload.

  • Thomas Broyer, Dec 18, 2024

    For anyone wanting to go a bit deeper on JWT: dev.to/tbroyer/what-are-jwt-nm0

    TL;DR: you probably don't need them.
