What is JWT?

Deep Dhamala
6/30/2025|3 minute read

JWT stands for JSON Web Token (JWT), a compact and self-contained way for securely transmitting information between parties as a JSON object.


It is important to note that JWT is used for authorization, not authentication. A typical login is an example of the authentication process; authorization, on the other hand, ensures that the user sending a request is the same one who was authenticated during login and has access to the requested services. Traditionally, authorization involves creating a session for the user on the server side and setting a session ID on the client side (a browser). When the user sends a request along with the session ID, the server checks whether that session exists and decides whether to authorize the request.


In contrast, a JWT is created after authentication and sent to the client, where it is stored on the device (in local storage or a cookie) without saving any data on the server side. This stored JWT is then included in every request the user makes, confirming that it is the same user who logged in. So, how does the server know? Let’s discuss.
How does JWT work?


JWT consists of three parts:

  1. Header
  2. Payload
  3. Verify Signature
[Image: a JWT broken down into its three parts at jwt.io]
You can explore a JWT at jwt.io.


The header is the first section of the JWT (the sections are separated by a “.”), and it includes the signing algorithm and the token type. The payload, the second section, holds information about the specific user, such as an ID and name. The verify signature, the third section, is the most crucial: the header and payload are signed with a secret key (header + payload + secret) to produce that specific string. If the payload is changed to “John Doe2”, the verify signature for “John Doe2” must be different. However, whoever changed the payload cannot produce a matching verify signature, because creating one requires the secret key, which is kept private. Thus whenever the data is tampered with, the server sees that the verify signature does not match the payload provided, and authorization fails.
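The following is an added example, not code from the original post, showing the three-part structure described above in working form: it builds an HS256 token by hand (base64url header, base64url payload, HMAC-SHA256 over `header.payload` with the secret), then verifies it and shows that changing the payload to “John Doe2” while keeping the old signature is rejected. The secret and the payload values are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; a real server loads this from a secret store,
# never from source code.
SECRET = b"demo-secret-do-not-use-in-production"


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as JWT requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; re-add the padding base64 needs."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compact_json(obj: dict) -> bytes:
    # No whitespace, so the encoded sections look like the ones jwt.io shows.
    return json.dumps(obj, separators=(",", ":")).encode("utf-8")


def sign_hs256(secret: bytes, signing_input: bytes) -> str:
    """The 'verify signature' section: HMAC-SHA256(secret, header.payload)."""
    return b64url_encode(hmac.new(secret, signing_input, hashlib.sha256).digest())


def create_jwt(payload: dict, secret: bytes) -> str:
    """Assemble header.payload.signature for an HS256 token."""
    header_part = b64url_encode(compact_json({"alg": "HS256", "typ": "JWT"}))
    payload_part = b64url_encode(compact_json(payload))
    signing_input = f"{header_part}.{payload_part}".encode("ascii")
    return f"{header_part}.{payload_part}.{sign_hs256(secret, signing_input)}"


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload if the signature matches, otherwise None.

    The server recomputes the signature from the header and payload it
    received; a tampered payload no longer matches the signature it carries.
    """
    try:
        header_part, payload_part, signature_part = token.split(".")
        header = json.loads(b64url_decode(header_part))
    except ValueError:  # wrong number of sections, bad base64, or bad JSON
        return None
    # Pin the algorithm the server expects instead of trusting the token's header.
    if header.get("alg") != "HS256":
        return None
    signing_input = f"{header_part}.{payload_part}".encode("ascii")
    expected = sign_hs256(secret, signing_input)
    # Constant-time comparison avoids leaking how many characters matched.
    if not hmac.compare_digest(expected, signature_part):
        return None
    try:
        return json.loads(b64url_decode(payload_part))
    except ValueError:
        return None


def swap_payload_keep_signature(token: str, new_payload: dict) -> str:
    """Replace the payload but keep the old signature.

    This models the tampering the text describes (someone without the secret
    editing the payload); verify_jwt must reject the result.
    """
    header_part, _, signature_part = token.split(".")
    return f"{header_part}.{b64url_encode(compact_json(new_payload))}.{signature_part}"


if __name__ == "__main__":
    token = create_jwt({"sub": "1234567890", "name": "John Doe"}, SECRET)
    print("token:", token)
    print("valid payload:", verify_jwt(token, SECRET))
    forged = swap_payload_keep_signature(token, {"sub": "1234567890", "name": "John Doe2"})
    print("tampered payload accepted?", verify_jwt(forged, SECRET) is not None)
```

Two defensive details worth noting in `verify_jwt`: it pins the algorithm to the one the server issues rather than reading it from the untrusted header, and it compares signatures with `hmac.compare_digest` rather than `==`.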


Now that we understand the basic concept of JWT, a follow-up on its implementation in Spring Security will be available soon.