From IndieWeb

JWT (JSON Web Token) is a method of encoding and signing JSON data in a URL-safe string.

While JWT is actually designed to represent auth "claims," it can also serve as a general-purpose signing method if you ignore all the well-defined property names in the spec.

An example JWT in its encoded format looks like the below:


Extracting the contents of the above JWT results in the JSON object below:

  {
    "sub": "1234567890",
    "name": "John Doe",
    "iat": 1516239022
  }

NOTE: You must validate the signature of the JWT before using the data in the claims; otherwise, people can easily hack your software! If you don't validate the signature, anyone can create a similar-looking JWT and do things like replace usernames to log in as other people.
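The check described in the note above, as an added example that is not part of the original page: it verifies the signature before the claims are parsed, and shows a token whose payload was edited after signing being rejected. It assumes HS256 (HMAC-SHA256 with a shared secret); the key, the function names and the edited name are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample secret, not a real key
CLAIMS = {"sub": "1234567890", "name": "John Doe", "iat": 1516239022}  # from the page

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(key, header_b64, payload_b64):
    return hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()

def sign_hs256(claims, key):
    header_b64 = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload_b64 = b64url_encode(json.dumps(claims).encode())
    return f"{header_b64}.{payload_b64}.{b64url_encode(mac(key, header_b64, payload_b64))}"

def verify_hs256(token, key):
    """Return the claims only if the signature is valid; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm so the token cannot choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # Constant-time comparison over the exact bytes that were received.
    if not hmac.compare_digest(mac(key, header_b64, payload_b64), b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))  # parsed only after the check

def demo():
    good = sign_hs256(CLAIMS, KEY)
    header_b64, _, sig_b64 = good.split(".")
    # Payload edited after signing; header and signature left untouched.
    edited = b64url_encode(json.dumps({**CLAIMS, "name": "Someone Else"}).encode())
    results = {"good": verify_hs256(good, KEY)}
    try:
        verify_hs256(f"{header_b64}.{edited}.{sig_b64}", KEY)
        results["edited"] = "accepted"
    except ValueError as exc:
        results["edited"] = str(exc)
    return results

if __name__ == "__main__":
    print(demo())
```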


See Also