JWT
JSON Web Token
ELI5 — The Vibe Check
A JWT is a special kind of token that contains information inside it. It has three parts: a header, a payload (with your user ID, role, etc.), and a signature to prove it wasn't tampered with. The server can verify it without even looking it up in a database.
Real Talk
A JWT is a compact, self-contained token that encodes claims (user data) as a Base64url-encoded JSON object and is cryptographically signed. The server can verify authenticity by checking the signature, with no database lookup. It consists of three dot-separated parts: header.payload.signature.
Show Me The Code
// Decoded JWT payload:
{
"sub": "user_123",
"role": "admin",
"exp": 1740000000,
"iat": 1739996400
}
When You'll Hear This
"Decode the JWT to get the user's role." / "The JWT expires after 1 hour — use a refresh token."
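An added example, not part of the original page, showing the verification step in plain Python (standard library only; the secret and payload values are constructed for the demo). It illustrates why "decode the JWT to get the user's role" has to mean "verify, then read": the payload is readable and editable by anyone, so the claims are only trustworthy once the HMAC signature, the pinned algorithm and the exp claim have all been checked.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secret for this demonstration only.
SECRET = b"demo-secret-not-for-production"

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_jwt(payload: dict, secret: bytes) -> str:
    """Build an HS256 token as header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url_encode(sig)}"

def verify_jwt(token: str, secret: bytes, now=None) -> dict:
    """Return the payload only after the signature and expiry check out.

    Decoding is not verifying: the payload is merely Base64url-encoded, so
    anyone can read or edit it. Trust 'role' only once this returns.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three parts")
    header_b64, payload_b64, sig_b64 = parts
    # Pin the algorithm server-side; never let the token choose it.
    # This rejects 'none' and any other alg the server did not expect.
    if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    # Constant-time compare so timing does not leak the signature.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" not in payload or now >= payload["exp"]:
        raise ValueError("token expired or missing exp")
    return payload
```

Production code should use a maintained JWT library with the algorithm list fixed in configuration; this block only makes the individual checks visible.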
Related Terms
Authentication (AuthN)
Authentication is proving you are who you say you are.
Header
Headers are the metadata attached to HTTP requests and responses — information about the information.
OAuth (Open Authorization)
OAuth is the system behind 'Login with Google.' Instead of making a new account, you let Google vouch for you.
Session
A session is the server's way of remembering who you are across multiple requests.
Token
In AI-land, a token is a chunk of text — roughly 3/4 of a word.