JSON Web Token

JWT

A JWT (RFC 7519) is a compact, URL-safe token that carries a set of claims between parties. In its common signed form (a JWS, RFC 7515) it is protected by an HMAC or a digital signature, so a receiver can check the token's integrity and origin without server-side session storage. A signed JWT is not encrypted: anyone who holds the token can read its claims, so secrets do not belong in the payload.

⚙️ How Does It Work?

A JWT is three base64url-encoded segments separated by dots: a header (naming the algorithm, e.g. HS256 or RS256), a payload (claims such as the subject, roles, issuer, audience and expiry), and a signature computed over the first two segments. The receiving service verifies the signature with the issuer's key, confirms the token was issued by the expected issuer (iss), is intended for this service (aud) and has not expired (exp), all without calling the auth server. The header's alg value must be compared against an allowlist rather than trusted, because until the signature is verified the header is attacker-controlled bytes; accepting "none" or letting the header switch the verification method is how signature checks get bypassed.

📍 Where Is It Used?

API authentication, service-to-service calls between microservices, Single Page Application sessions, and the token formats used by OAuth 2.0 access tokens and OIDC ID tokens.

💡 Real-World Example

After a user logs in via OIDC, the identity provider issues an ID token (a JWT meant for the client application) and an access token, commonly also a JWT, for calling APIs. When the user's browser calls the company's API it sends the access token in the Authorization header. The API verifies the signature with the provider's signing key, checks issuer, audience and expiry, then reads the role: admin claim to authorize the request, with no database lookup needed.
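The structure described under "How Does It Work?" and the API-side check in the example above, as an added illustration that is not part of the original page and uses only the Python standard library: it issues an HS256 token, then verifies it the way an API should (alg allowlist, constant-time signature comparison, iss/aud/exp checks) before reading the role claim. The secret, issuer URL, audience name and claim values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo secret. A real deployment uses at least 32 random bytes,
# shared only between the issuer and the verifying API.
SECRET = b"demo-secret-for-illustration-only"

# Algorithms this service will accept. The header's "alg" is untrusted input
# until the signature is verified, so it must never choose the method by itself.
ALLOWED_ALGS = {"HS256"}


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as the JWS compact serialization requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    """Inverse of b64url_encode; restores the '=' padding the token omits."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue a compact JWS: header.payload.signature, HMAC-SHA256 over the first two."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify(token: str, secret: bytes, issuer: str, audience: str,
           now: Optional[float] = None) -> dict:
    """Validate a token and return its claims; raise ValueError on any failure."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:
        # Rejects "none" and any algorithm this service did not opt into.
        raise ValueError("unacceptable alg %r" % header.get("alg"))

    signing_input = ("%s.%s" % (header_b64, payload_b64)).encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison: a plain == would leak timing about the MAC.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token not intended for this API")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims


def is_admin(token: str, secret: bytes, issuer: str, audience: str,
             now: Optional[float] = None) -> bool:
    """Authorization decision taken from the verified token alone, no database lookup."""
    return verify(token, secret, issuer, audience, now).get("role") == "admin"


if __name__ == "__main__":
    # Constructed claims for a demo user; exp is five minutes from issuance.
    issued_at = int(time.time())
    token = sign_hs256({"iss": "https://idp.example", "aud": "api.example",
                        "sub": "alice", "role": "admin",
                        "iat": issued_at, "exp": issued_at + 300}, SECRET)
    print(token)
    print("admin:", is_admin(token, SECRET, "https://idp.example", "api.example"))
```

Two things the example deliberately shows: the payload is readable by anyone (decode the middle segment and the role is in plain JSON), and changing that role without the key breaks the signature, so the only protection the API has is that it actually verifies the signature and pins the algorithm before trusting any claim.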

🔗 Related Terms

OAuth, OIDC, Authentication, API Security, Token
