
Json Web Tokens (JWTs)

Read about JWTs - a method of securing data exchanges

Overview

After your user authenticates, the AuthN service can send you JWTs, which carry the same data as the example above but in a different format. A JWT consists of:

  • A header - Indicates the token type and the algorithm used to sign it
  • A payload - Contains claims about who the user is and what they can do
  • A signature - Lets the receiver verify that the header and payload were issued by the AuthN service and have not been altered

JWTs returned by the AuthN service are Base64url encoded, not encrypted: anyone holding a token can read its payload, so do not place secrets in claims. You will need a JWT library to decode the token and verify its signature.

Basics

In general, a JWT contains three components: header, payload, and signature, and it is self-contained. Self-contained means that a server receiving a JWT can verify the token and read the user's claims from the JWT's payload alone, without making other calls to the authentication service.
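The three-part structure and self-contained verification described above, as an added illustration that is not the AuthN service's code and not a replacement for a JWT library. The HS256 key and token here are constructed for the demo; the point is that the payload is readable without the key, while verification needs the key, a pinned algorithm, and an expiry check.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    # Restore the padding that JWTs strip before decoding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def sign_hs256(payload: dict, key: bytes) -> str:
    # Constructed demo issuer: header.payload signed with HMAC-SHA256
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(sig)}"


def peek_payload(token: str) -> dict:
    # No key needed: the payload is only encoded, so anyone holding the token can read it
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_hs256(token: str, key: bytes, now=None) -> dict:
    # Self-contained check: signature and exp come from the token itself, no call to the issuer
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm: the receiver decides it, never the token's header
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    # Tokens cannot be revoked, so a short, enforced exp is the only time limit you get
    if "exp" not in payload or now >= payload["exp"]:
        raise ValueError("expired")
    return payload
```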

Key features

  • Self-contained
  • Cannot be revoked
  • Shorter expiration time
  • More complex to manage than session IDs

Use JWTs

  • Back-end systems that need to handle an extremely high volume of HTTP requests and want to avoid latency/throughput issues
  • Passing a user's credentials between several back-end systems that all trust the server that granted the JWT and each want to do their own authentication or authorization
  • Organizations with the resources and desire to build a strong key management system