JWT (JSON Web Token)
JWT is a compact token format used to represent claims securely.
Updated: 2026-03-05
Definition
JWT is commonly used in modern authentication/authorization flows to carry claims (user, scopes, expiry).
JWTs are typically signed (and sometimes encrypted); the signature lets recipients verify the token's integrity.
Key points
- Contains claims + expiry
- Signed to prevent tampering
- Must be validated (iss/aud/exp: issuer, audience, expiry)
Common mistakes
- Storing long-lived JWTs without a rotation/revocation strategy.
- Not checking token expiry and audience.
Related exams
CompTIA Security+ (SY0-701)
Microsoft Azure Fundamentals (AZ-900)