JSON Web Token

conceptprotocol

Try in PlaygroundRSS

Overview

Developed byIETF

LicenseOpen Standard

Open source✓ Open Source

Use caseSecure token-based authentication and authorization

Technical

Protocols

RSA SHA-256 HMAC SHA-256 Base64URL encoding RSA HMAC ECDSA OAuth 2.0 HTTPS OpenID Connect

Integrates with

Node.js Python OAuth 2.0 OpenID Connect REST APIs

Also see

Alternative to

session-based authentication Session cookies SAML tokens Simple Web Tokens Simple Web Tokens (SWT)

Based onJSON (JavaScript Object Notation)

Competes with

SAML tokens

Knowledge graph stats

Claims88

Avg confidence94%

Avg freshness100%

Last updatedUpdated 19 days ago

Trust distribution

100% unverified

Governance

EU Riskminimal risk

Training data disclosure

JSON Web Token

Q: What does JSON Web Token integrate with?

JSON Web Token integrates with Node.js, Python, OAuth 2.0, OpenID Connect, REST APIs.

Q: What are alternatives to JSON Web Token?

Alternatives to JSON Web Token include session-based authentication, Session cookies, SAML tokens, Simple Web Tokens, Simple Web Tokens (SWT).

concept

Compact URL-safe token format for securely transmitting claims between parties

Compare with...

consists of

Value	Trust	Confidence	Freshness	Sources
three parts separated by dots	○Unverified	High	Fresh	1
three Base64-URL encoded parts separated by dots	○Unverified	High	Fresh	1
three Base64URL encoded parts	○Unverified	High	Fresh	1
three Base64-encoded parts separated by dots	○Unverified	High	Fresh	1
header, payload, and signature components	○Unverified	High	Fresh	1

format type

Value	Trust	Confidence	Freshness	Sources
Base64URL encoded	○Unverified	High	Fresh	1

based on

Value	Trust	Confidence	Freshness	Sources
JSON (JavaScript Object Notation)	○Unverified	High	Fresh	1
JSON format	○Unverified	High	Fresh	1
JSON	○Unverified	High	Fresh	1
JSON Web Signature (JWS)	○Unverified	High	Fresh	1
JSON Web Encryption (JWE)	○Unverified	High	Fresh	1

standardized as

Value	Trust	Confidence	Freshness	Sources
RFC 7519	○Unverified	High	Fresh	1

primary use case

Value	Trust	Confidence	Freshness	Sources
Secure token-based authentication and authorization	○Unverified	High	Fresh	1
secure information transmission between parties	○Unverified	High	Fresh	1
compact token format for securely transmitting authentication claims	○Unverified	High	Fresh	1
securely transmitting information between parties as JSON objects	○Unverified	High	Fresh	1
Authentication and information exchange	○Unverified	High	Fresh	1
secure information transmission between parties as JSON object	○Unverified	High	Fresh	1
Authentication and authorization token format	○Unverified	High	Fresh	1
Secure transmission of information between parties as JSON object	○Unverified	High	Fresh	1
stateless authentication and authorization	○Unverified	High	Fresh	1
securely transmitting information between parties as JSON object	○Unverified	High	Fresh	1
secure token-based authentication and information exchange	○Unverified	High	Fresh	1
Authentication and authorization	○Unverified	High	Fresh	1
stateless authentication	○Unverified	Moderate	Fresh	1

defined in

Value	Trust	Confidence	Freshness	Sources
RFC 7519	○Unverified	High	Fresh	1

standardized in

Value	Trust	Confidence	Freshness	Sources
RFC 7519	○Unverified	High	Fresh	1

standardized year

Value	Trust	Confidence	Freshness	Sources
2015	○Unverified	High	Fresh	1

defined by

Value	Trust	Confidence	Freshness	Sources
RFC 7519	○Unverified	High	Fresh	1

structure components

Value	Trust	Confidence	Freshness	Sources
header, payload, signature	○Unverified	High	Fresh	1
Header.Payload.Signature	○Unverified	High	Fresh	1

specification number

Value	Trust	Confidence	Freshness	Sources
RFC 7519	○Unverified	High	Fresh	1

rfc number

Value	Trust	Confidence	Freshness	Sources
RFC 7519	○Unverified	High	Fresh	1

pricing model

Value	Trust	Confidence	Freshness	Sources
free	○Unverified	High	Fresh	1

used by

Value	Trust	Confidence	Freshness	Sources
Auth0	○Unverified	High	Fresh	1

first released

Value	Trust	Confidence	Freshness	Sources
2015	○Unverified	High	Fresh	1

standardized by

Value	Trust	Confidence	Freshness	Sources
IETF	○Unverified	High	Fresh	1
Internet Engineering Task Force (IETF)	○Unverified	High	Fresh	1
IETF RFC 7519	○Unverified	High	Fresh	1

uses protocol

Value	Trust	Confidence	Freshness	Sources
Base64URL encoding	○Unverified	High	Fresh	1

requires

Value	Trust	Confidence	Freshness	Sources
cryptographic signing	○Unverified	High	Fresh	1
Base64URL encoding	○Unverified	High	Fresh	1
Base64 encoding	○Unverified	High	Fresh	1

supports claim type

Value	Trust	Confidence	Freshness	Sources
private claims	○Unverified	High	Fresh	1
registered claims	○Unverified	High	Fresh	1

commonly used for

Value	Trust	Confidence	Freshness	Sources
authentication	○Unverified	High	Fresh	1
authorization	○Unverified	High	Fresh	1

developed by

Value	Trust	Confidence	Freshness	Sources
IETF	○Unverified	High	Fresh	1
Internet Engineering Task Force (IETF)	○Unverified	High	Fresh	1
Auth0	○Unverified	Moderate	Fresh	1

maintained by

Value	Trust	Confidence	Freshness	Sources
IETF	○Unverified	High	Fresh	1

encoding method

Value	Trust	Confidence	Freshness	Sources
Base64URL	○Unverified	High	Fresh	1

supports algorithm

Value	Trust	Confidence	Freshness	Sources
RSA	○Unverified	High	Fresh	1
RSA SHA-256	○Unverified	High	Fresh	1
HMAC SHA-256	○Unverified	High	Fresh	1

encoding format

Value	Trust	Confidence	Freshness	Sources
Base64URL	○Unverified	High	Fresh	1

format

Value	Trust	Confidence	Freshness	Sources
Base64URL encoded	○Unverified	High	Fresh	1

structure format

Value	Trust	Confidence	Freshness	Sources
Header.Payload.Signature	○Unverified	High	Fresh	1

open source

Value	Trust	Confidence	Freshness	Sources
true	○Unverified	High	Fresh	1

supports protocol

Value	Trust	Confidence	Freshness	Sources
RSA SHA-256	○Unverified	High	Fresh	1
HMAC SHA-256	○Unverified	High	Fresh	1
Base64URL encoding	○Unverified	High	Fresh	1
RSA	○Unverified	High	Fresh	1
HMAC	○Unverified	High	Fresh	1
ECDSA	○Unverified	High	Fresh	1
OAuth 2.0	○Unverified	Moderate	Fresh	1
HTTPS	○Unverified	Moderate	Fresh	1
OpenID Connect	○Unverified	Moderate	Fresh	1

license type

Value	Trust	Confidence	Freshness	Sources
Open Standard	○Unverified	High	Fresh	1

published year

Value	Trust	Confidence	Freshness	Sources
2015	○Unverified	High	Fresh	1

uses encoding

Value	Trust	Confidence	Freshness	Sources
Base64URL	○Unverified	High	Fresh	1

integrates with

Value	Trust	Confidence	Freshness	Sources
Node.js	○Unverified	High	Fresh	1
Python	○Unverified	High	Fresh	1
OAuth 2.0	○Unverified	High	Fresh	1
OpenID Connect	○Unverified	High	Fresh	1
REST APIs	○Unverified	Moderate	Fresh	1

commonly used with

Value	Trust	Confidence	Freshness	Sources
REST APIs	○Unverified	High	Fresh	1
OAuth 2.0	○Unverified	High	Fresh	1
OpenID Connect	○Unverified	High	Fresh	1

supported by

Value	Trust	Confidence	Freshness	Sources
most modern programming languages	○Unverified	High	Fresh	1

alternative to

Value	Trust	Confidence	Freshness	Sources
session-based authentication	○Unverified	High	Fresh	1
Session cookies	○Unverified	Moderate	Fresh	1
SAML tokens	○Unverified	Moderate	Fresh	1
Simple Web Tokens	○Unverified	Moderate	Fresh	1
Simple Web Tokens (SWT)	○Unverified	Moderate	Fresh	1