JWT, or JSON Web Token, is a format to encode user session information.

Why should I care?

The Web (i.e. HTTP) is a stateless protocol. This means that every request a user sends to your server-side application must carry a token that identifies her, since the server keeps no memory of earlier requests.

How does it work?

When a user logs in, she is given a JWT that can later be used to perform actions on the application that require authentication and a set of permissions.

Since a JWT typically encapsulates a self-contained user session, a server does not need to load any session data from a database when presented with it, simplifying processing and improving performance. A consequence of never consulting a server-side store is that a token cannot simply be invalidated there, so JWTs carry an expiry and need to be refreshed occasionally, limiting the window of unauthorized access for anyone who has obtained a user's token.