JSON Web Token (JWT)

is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object.

• A server issues a token to a client after verifying its credentials (ex: username and password).
• The client then uses the token to access the protected resources on the server.
• Is composed of three parts: a header, a payload, and a signature.
• Header: contains metadata. Algorithm used to sign the token.
• Payload: contains the claims and the data.
• Signature: used to verify the integrity and authenticity of the token
• The server verifies the token by:
• checking its signature, validating the claims (identity, roles, permissions, expiration time)
• The token is not necessary to be stored (it is signed).