JSON Web Tokens (JWT) for authentication
JSON Web Tokens (JWT) are a compact, URL-safe means of representing claims to be transferred between two parties. The claims in a JWT are encoded as a JSON object that is digitally signed using JSON Web Signature (JWS) or encrypted using JSON Web Encryption (JWE), ensuring their integrity and…
Key facts
- First appeared
- 2011
- Category
- technology
- Problem solved
- JWT was created to provide a compact, self-contained, and cryptographically secure way to transfer information (claims) between parties, particularly for authentication and authorization in distributed systems. It addresses the limitations of traditional session-based authentication for scalable, cross-domain applications and offers a more lightweight and flexible alternative to XML-based security tokens like SAML.
- Platforms
- Web browsers, Cloud Computing Environments, API Gateways, Mobile operating systems (iOS, Android), Server-side environments (Node.js, Python, Java, Go, .NET, PHP, Ruby)
Related technologies
Notable users
- Microsoft Azure (Azure AD)
- Many SaaS and enterprise applications
- Okta
- Google (for Google API authentication, Firebase)
- Netflix
- Amazon Web Services (AWS Cognito, API Gateway)
- Auth0