What is JWT?

JWT (JSON Web Token) is a compact, URL-safe format for representing claims between two parties. A JWT has three parts separated by dots: header (algorithm and type), payload (claims such as user ID, roles, expiry), and signature (for verification). JWTs are commonly used for authentication and authorization—after login, the server issues a JWT that the client sends with subsequent requests. JWTs can be signed (HMAC or RSA) or encrypted (JWE). Never put sensitive data in unencrypted JWTs.