JSON Web Tokens (JWT) for authentication

JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS) or encrypted using JSON Web Encryption (JWE), ensuring their integrity and…

Key facts

First appeared
2011
Category
technology
Problem solved
JWT was created to provide a compact, self-contained, and cryptographically secure way to transfer information (claims) between parties, particularly for authentication and authorization in distributed systems. It addresses the limitations of traditional session-based authentication for scalable, cross-domain applications and offers a more lightweight and flexible alternative to XML-based security tokens like SAML.
Platforms
Web browsers, Cloud Computing Environments, API Gateways, Mobile operating systems (iOS, Android), Server-side environments (Node.js, Python, Java, Go, .NET, PHP, Ruby)

Related technologies

Notable users

  • Microsoft Azure (Azure AD)
  • Many SaaS and enterprise applications
  • Okta
  • Google (for Google API authentication, Firebase)
  • Netflix
  • Amazon Web Services (AWS Cognito, API Gateway)
  • Auth0