JWT (JSON Web Token)

JWT is a compact token format used to represent claims securely.

Updated: 2026-03-05

Definition

JWT is commonly used in modern authentication/authorization flows to carry claims (user, scopes, expiry).

JWTs are typically signed (and sometimes encrypted) so recipients can verify integrity.

Key points

Contains claims + expiry
Signed to prevent tampering
Must be validated (iss/aud/exp)

Common mistakes

Storing long-lived JWTs without rotation/revocation strategy.
Not checking token expiry and audience.

Related exams

CompTIA Security+ (SY0-701)

Free Security+ SY0-701 mini test. Continue in the app for offline packs and detailed explanations.

Microsoft Azure Fundamentals (AZ-900)

Free AZ-900 mini test. Continue in the app for offline packs and detailed explanations.

Related terms

Want to practice this in exam-style questions?

Use the mini tests on each exam page, then continue in the app for offline packs and detailed explanations.