JWT Token

Luis Castillo
Apr 13, 2022


What is a JWT Token?
JWT, or JSON Web Token, is an open standard (RFC 7519) for sharing security information between two parties, typically a client and a server. Each JWT carries encoded JSON objects, including a set of claims about the subject. A JWT is signed with a cryptographic algorithm so that any change to the claims after the token is issued can be detected.

How does it work?

It works this way: the server generates a token that certifies the user identity and sends it to the client.

The client will send the token back to the server for every subsequent request, so the server knows the request comes from a particular identity.

This architecture proves very effective in modern web apps, where, after the user is authenticated, we perform API requests against either a REST or a GraphQL API.

A JWT is cryptographically signed but not encrypted: anyone who sees the token can read the claims it holds, which is why HTTPS is mandatory when user data is stored in the JWT. The signature is what lets us trust the token when we receive it, since no intermediary can modify the token or the data it holds without invalidating the signature.
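The issue-and-verify flow described above, with the "signed but not encrypted" property made concrete, as an added example that is not part of the original post. It builds and checks an HS256 (HMAC-SHA256) token with only the Python standard library; the key, the subject name and the timestamps are constructed values, and the function names are my own rather than any library's API. The same code also shows that the payload is readable without the key and that editing the payload invalidates the signature.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example key; a real server loads a random secret from a secrets store.
SECRET_KEY = b"example-signing-key-not-for-production"


def _b64url_encode(data: bytes) -> str:
    # JWT uses base64url without padding (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def _compact_json(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def issue_token(subject: str, key: bytes, ttl_seconds: int = 300,
                now: Optional[int] = None) -> str:
    """Server side: build header.payload.signature for an authenticated user."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": subject, "iat": now, "exp": now + ttl_seconds}
    signing_input = _b64url_encode(_compact_json(header)) + "." + _b64url_encode(_compact_json(payload))
    signature = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def verify_token(token: str, key: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Server side, on every subsequent request: return the claims only if the
    signature and the expiry check out, otherwise None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        provided_sig = _b64url_decode(sig_b64)
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    # Pin the algorithm on the server; never let the token's own "alg" choose it.
    if header.get("alg") != "HS256":
        return None
    expected_sig = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, provided_sig):  # constant-time compare
        return None
    if not isinstance(payload.get("exp"), int) or payload["exp"] <= now:
        return None
    return payload


def read_claims_without_key(token: str) -> dict:
    """The payload is only encoded, not encrypted: anyone holding the token reads it."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def modified_subject(token: str, new_subject: str) -> str:
    """Rewrite the payload but keep the original signature, to show that the
    server's check above rejects any modification made in transit."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(_b64url_decode(payload_b64))
    payload["sub"] = new_subject
    return header_b64 + "." + _b64url_encode(_compact_json(payload)) + "." + sig_b64


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    token = issue_token("alice", SECRET_KEY, now=t0)
    print(verify_token(token, SECRET_KEY, now=t0 + 60))                    # claims for alice
    print(read_claims_without_key(token))                                   # readable with no key
    print(verify_token(modified_subject(token, "admin"), SECRET_KEY, now=t0 + 60))  # None
    print(verify_token(token, SECRET_KEY, now=t0 + 600))                   # None: expired
```

Two design points worth noting: the server decides which algorithm it will accept instead of reading it from the header, and the signature comparison uses hmac.compare_digest so that verification time does not leak how many bytes matched.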

That said, JWTs are often criticized for being overused, in particular for being adopted where a less complex solution would do.



Written by Luis Castillo

Software Engineer at Lowe's Companies, Inc.
