Taos Glossary

An explanation of industry terms that is a quick read, and knowledge base.

JSON Web Token (JWT)

What is JSON Web Token?

A commonly used method for securing data exchange is called the JSON Web Token (JWT), or a JSON (JavaScript Object Notation) object. As a JWT is virtually signed with a public/private key pair or by using a secret, this transferred information is verifiable and trusted.

How does JWT work?

JWTs are different from other web tokens because they contain a set of claims to transmit information between two parties. The nature of the claims relies on the use case’s content and intent. Each JWT comprises three elements: the header, the payload, and the signature. The header includes the signing algorithm and token type. The payload contains the claims or object, and the signature is a generated string from a cryptographic algorithm for verification purposes.

How is JWT important?

JWTs use less-verbose coding than other formats, so file sizes are smaller and more compact. This makes it optimal for usage in HTML and HTTP environments. JWTs offer more simplicity in the signing process, and the nature of the private key (or secret) to confirm authenticity makes it incredibly difficult to manipulate or interfere with by an outside source.

Benefits of JWT

When being transferred, the JWT is virtually signed with either a public/private key pair or other digital secret that safeguards them from modification by either client or bad actors. As the JWT is stored only on the client, this saves database space, and verification of a JWT is rapid since it doesn’t require a database search.

Common use cases for JWT

JWTs are most often used as a simple authorization for system users. When users are logged in, they continue to use the JWT for any subsequent request for access routes, services, and resources permitted with the provided token. This allows for functionality such as “Single Sign-On.” 

Another primary use is information exchange, as JWTs make it easy and safe to transmit information between parties. JWTs help confirm data packet senders and helps receivers confirm that the content hasn’t been altered in any way.

Recommended for You

Related Service Offerings

Cloud Cost Optimization Advisory

Save up to 30% of cloud spend by identifying areas of waste across hyperscalers

Application Modernization Advisory

A prescriptive and strategic roadmap to reduces risks on your journey into a modernized, containerized application environment

Cloud Security Assessment

Understand how secure your cloud environment is and the key vulnerabilities you need to address.