JSON Web Tokens are an open standard used to securely transmit information as a [[JSON]] object. It's often used for authentication and authorization purposes, containing plain-text but cryptographically-signed payloads and metadata the client can use to prove itself during communication.
This is [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519).
# Typical Flow
1. Log in to the server with standard credentials.
2. Server issues a JWT.
3. Client stores the JWT.
4. Client provides the JWT on further communication.
5. Server verifies the JWT on all communication.
# Tooling
* [[JWT Debugger](https://www.jwt.io/)