What Is JWT and How Do You Use It?

You’re probably aware that JWT stands for JSON Web Token, but what is it exactly? And how do you use it? Scroll down to the bottom of the article for a quick video that addresses exactly these questions.

In the meantime, please review this resource list.

JWT.IO — for testing and viewing JSON web tokens

Header — determines the algorithm and the token type; it is always the part before the first period and is Base64-encoded

Payload — all the information you store in the token; it runs until the next period. This is the data section, which is for our application

sub — subject (the id of the user you’re authenticating); you’d ordinarily store this in a session if not using JWT

name — the user’s name (a custom claim, but one that is often seen)

iat — “issued at”; when the token was created

eat — “expired at”; the date the token is no longer valid; important to have

Signature — verifies the token hasn’t been changed by the client before it gets sent back to us
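The three parts listed above can be seen working together in a short added example (not code from the article or its video): it builds an HS256 token, then verifies the signature and the expiry before trusting the payload. The key, the claim values and the helper names are constructed for illustration, and the expiry claim is written `exp`, which is the registered claim name in RFC 7519.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    # header.payload, each a base64url-encoded JSON object, then the HMAC over both.
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token, key, now=None):
    """Return the payload if signature and expiry check out, else raise ValueError."""
    header_b64, payload_b64, sig_b64 = token.split(".")  # ValueError unless 3 parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token choose it (rejects "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(sig_b64), expected):  # constant-time
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # trusted only after the check
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired or missing exp")
    return claims

# Constructed sample values, not from the article.
KEY = b"constructed-demo-key"
CLAIMS = {"sub": "1234567890", "name": "Jane Example",
          "iat": 1700000000, "exp": 1700003600}
TOKEN = sign_hs256(CLAIMS, KEY)

def with_edited_payload(token, **changes):
    # Simulates a client editing the payload while keeping the old signature.
    h, p, s = token.split(".")
    edited = {**json.loads(b64url_decode(p)), **changes}
    return ".".join([h, b64url_encode(json.dumps(edited).encode()), s])

if __name__ == "__main__":
    print(verify_hs256(TOKEN, KEY, now=1700000100))  # accepted while unexpired
```

The header and payload are only encoded, not encrypted, so anyone holding the token can read them; the signature is what makes an edited payload fail verification.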