JWT
JSON Web Token
A compact, URL-safe token format for securely transmitting claims between parties. Used for authentication and authorisation in web applications and APIs.
In-Depth Explanation
JSON Web Tokens (JWT) are a standard for securely transmitting information as a JSON object. They're commonly used for authentication, allowing stateless session management.
JWT structure (three parts):
- Header: Token type and signing algorithm
- Payload: Claims (data about the user/session)
- Signature: Verification that token is valid
JWT claim types:
- Registered: iss (issuer), exp (expiration), sub (subject)
- Public: Standardised claims
- Private: Custom application claims
JWT characteristics:
- Self-contained (carries its own data)
- Stateless (server doesn't store session)
- Tamper-evident (signature verification)
- Compact (URL-safe encoding)
JWT considerations:
- Can't be revoked without extra infrastructure
- Payload is encoded, not encrypted (visible)
- Size grows with claims added
- Expiration is crucial for security
Business Context
JWTs enable scalable authentication without server-side session storage. Common in modern APIs and single-page applications.
How Clever Ops Uses This
We use JWTs for secure API authentication in Australian business applications, enabling stateless, scalable architecture.
Example Use Case
"User logs in, receives a JWT containing their ID and permissions. Each API request includes this token, letting the server verify access without database lookups."