How JWT Authentication Works
JWT (JSON Web Token) authentication lets a server issue signed tokens that clients present on subsequent requests. Because the server can verify the signature without storing any session state, authentication becomes stateless and easy to scale across many server instances.
JWT Structure
A JWT has three parts: the Header (signing algorithm and token type), the Payload (claims such as the user ID and an expiration time), and the Signature (a keyed signature, for example an HMAC or an asymmetric signature, computed over the encoded header and payload with the server's secret or private key). Each part is Base64URL-encoded, and the three are joined with dots.
The Auth Flow
1. The user logs in with their credentials.
2. The server validates the credentials and returns a JWT.
3. The client stores the token and sends it in the Authorization header on later requests.
4. The server verifies the signature and reads the claims; no database lookup is needed for basic validation.
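The structure and the verify step above, as an added example that is not part of the original page and uses no third-party JWT library: it mints an HS256 token from the three dot-separated parts and then verifies one the way a server would, pinning the expected algorithm instead of trusting the header's `alg` field, comparing the HMAC in constant time, and rejecting tokens whose `exp` claim has passed. The secret and the claim values are constructed for the demo; `ALLOWED_ALG`, `issue_token`, `verify_token` and `inspect_token` are names chosen here, not an API from the page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed demo secret; a real deployment loads a high-entropy secret from a secret store.
SECRET = b"demo-secret-not-for-production"
# The server decides which algorithm is acceptable; the token's header never gets to choose.
ALLOWED_ALG = "HS256"


def _b64url_encode(data: bytes) -> str:
    # JWT uses unpadded base64url.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # Restore the padding that encoding stripped before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: bytes, secret: bytes) -> bytes:
    # HS256: HMAC-SHA256 over "<header>.<payload>".
    return hmac.new(secret, signing_input, hashlib.sha256).digest()


def issue_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build header.payload.signature for the given claims (step 2 of the flow)."""
    header = {"alg": ALLOWED_ALG, "typ": "JWT"}
    h = _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    p = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    s = _b64url_encode(_sign(f"{h}.{p}".encode("ascii"), secret))
    return f"{h}.{p}.{s}"


def inspect_token(token: str) -> Tuple[dict, dict]:
    """Decode header and payload WITHOUT verifying, as a development-time decoder does."""
    h, p, _ = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))


def verify_token(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> dict:
    """Verify signature and expiry (step 4 of the flow); return claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token: expected three dot-separated parts")
    h, p, s = parts
    header = json.loads(_b64url_decode(h))
    # Reject anything other than the pinned algorithm, including "none" and key-type confusion.
    if not isinstance(header, dict) or header.get("alg") != ALLOWED_ALG:
        raise ValueError("unexpected or missing alg")
    expected = _sign(f"{h}.{p}".encode("ascii"), secret)
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("signature mismatch")
    claims = json.loads(_b64url_decode(p))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    current = time.time() if now is None else now
    # A token is invalid on or after its exp; require exp so tokens cannot live forever.
    if not isinstance(claims.get("exp"), (int, float)) or current >= claims["exp"]:
        raise ValueError("token expired or missing exp")
    return claims


def is_valid(token: str, secret: bytes = SECRET, now: Optional[float] = None) -> bool:
    """Boolean wrapper around verify_token for request handlers."""
    try:
        verify_token(token, secret, now)
        return True
    except ValueError:  # covers JSON and base64 decoding errors as well
        return False


if __name__ == "__main__":
    tok = issue_token({"sub": "user-42", "exp": int(time.time()) + 3600})
    print(inspect_token(tok))
    print(verify_token(tok))
```

Note that this still gives no way to revoke a token before `exp`; the stateless property the page describes is exactly what makes revocation require extra server-side state (a denylist or short-lived tokens plus refresh), which is the trade-off to weigh when choosing token lifetimes.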
Use WaiHub's JWT Decoder to inspect tokens during development. Never paste production tokens into untrusted sites.