JSON Web Tokens are an open standard used to securely transmit information as a [[JSON]] object. It's often used for authentication and authorization purposes, containing plain-text but cryptographically-signed payloads and metadata the client can use to prove itself during communication. This is [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519). # Typical Flow 1. Log in to the server with standard credentials. 2. Server issues a JWT. 3. Client stores the JWT. 4. Client provides the JWT on further communication. 5. Server verifies the JWT on all communication. # Tooling * [[JWT Debugger](https://www.jwt.io/)