What is JWT Token?

chanduthedev
Jan 20, 2024

  • JWT stands for JSON Web Token
  • It is a lightweight data interchange format
  • It is generated on the server side and stored on the client side
  • It is stateless
  • The token's validity is short, normally 5 minutes to one hour

Structure of the JWT token:

A JWT has three parts, as shown below. Each part is base64 encoded, and the parts are separated by dots.

  1. Header: contains the token type and the algorithm used
  2. Payload: contains the expiry date and some additional non-sensitive information
  3. Signature: the base64 encoding of the value computed from the header, the payload and the secret. The secret should be a private key, and it is used to create the signature.

Figure: JSON Web Token (JWT) structure

JWT sample token:

Figure: sample JWT token with secret asdf1234
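
The three-part structure described above, built and then validated without any database call, using only the Python standard library. This is an added example, not code from the original post; it assumes the HS256 algorithm (HMAC-SHA256), and the function names and the `sub` claim are illustrative.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"asdf1234"  # the sample secret from the post; never use a guessable value in production

def b64url(data):
    # JWT parts use URL-safe base64 with the '=' padding stripped
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header_b64, payload_b64, secret):
    # Assumption: HS256, i.e. HMAC-SHA256 over "<header>.<payload>" keyed with the secret
    msg = f"{header_b64}.{payload_b64}".encode()
    return b64url(hmac.new(secret, msg, hashlib.sha256).digest())

def make_token(claims, secret):
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    return ".".join(parts + [sign(parts[0], parts[1], secret)])

def verify_token(token, secret, now=None):
    """Return the claims if the token is authentic and unexpired, else raise ValueError."""
    try:
        header_b64, payload_b64, sig = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; do not let the token choose it
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    # Recompute the signature and compare in constant time; no DB lookup needed
    expected = sign(header_b64, payload_b64, secret)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    exp = claims.get("exp")
    now = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired")
    return claims

if __name__ == "__main__":
    # Constructed sample claims with a 5-minute validity
    token = make_token({"sub": "user-1", "exp": int(time.time()) + 300}, SECRET)
    print(token)
    print(verify_token(token, SECRET))
```

The payload is only encoded, not encrypted, so anyone holding the token can decode and read it; the signature protects integrity, not confidentiality.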

Advantages of JWT:

  • It is very useful in a microservice architecture or in any system that involves validation in multiple subsystems
  • The token is very quick and easy to validate
  • It is stateless, so no DB call is required to validate it
  • It is used for authorizing API calls
  • It is easy for humans to read and write, and simple for machines to parse and generate
  • Even if a token is compromised, the impact is smaller because of its short validity

Disadvantages of JWT:

  • Because it is stored on the client side, it is accessible to everyone.
  • If the secret is leaked, the whole token system is compromised, because token generation depends completely on the secret
  • The secret needs to be changed/updated regularly
