Guides

JWT Guides

Short concept guides on JWT structure and safe usage.

What is a JWT
A JWT (JSON Web Token) is a small, signed JSON token format for securely passing information between parties.
The three-part JWT structure
Every JWT consists of header.payload.signature, and each part is base64url encoded.
JWT security checklist
A short checklist of the key principles for using JWT safely.
JWT vs session authentication
The difference between token (JWT) auth and server session (cookie) auth, and when to use each.
Common JWT errors and fixes
The errors you meet most often when working with JWT, with their causes and fixes.
Access tokens and refresh tokens
The role of the short-lived access token and the refresh token that renews it.
Try decoding a token yourselfJust paste and the header, payload and claims unfold instantly.
Open the decoder