JWT (JSON Web Token)

You might have heard of JWT, or even used it in a project for authorization. Today I will talk about what JWT is and how it works.

JSON Web Token (JWT) is an open standard (RFC 7519) for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed.

Where can we use JWT?

JWT is a token-based authentication mechanism which is stateless: the server does not have to store session information, because everything it needs to check is inside the signed token.

Authorization:

This is the most common scenario for using JWT. Once the user is logged in, each subsequent request carries the JWT, allowing the user to access the resources that token grants. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains.

Information Exchange:

It is also good for securely transmitting information between parties. Because JWTs can be signed, for example using public/private key pairs, you can be sure the senders are who they say they are. Note that a signature gives integrity and origin, not confidentiality: the payload of a signed JWT is only base64url-encoded, so anyone holding the token can read it.

How it works

  • The user logs in with a username and password, or via Google / Facebook.
  • The authentication server verifies the credentials and issues a signed JWT using a shared secret (HMAC) or a private key.
  • The client uses the JWT to access protected resources by passing it in the HTTP Authorization header.
  • The resource server then verifies the authenticity of the token using the corresponding public key or shared secret.

That is all for now. I will talk about the JWT structure next week.
