Security Glossary
Definition
JWT: What is a JSON Web Token?
A compact, URL-safe token format (RFC 7519) that carries a set of claims as a JSON object, normally signed (JWS) so the recipient can verify who issued it; widely used for API authentication and single sign-on flows. JWT vulnerabilities, including acceptance of the "none" algorithm, guessable HMAC signing secrets, skipping signature validation altogether, and algorithm confusion (a server that verifies an RS256 token as HS256 using the RSA public key as the HMAC secret), let an attacker forge tokens and impersonate any user. A secure verifier pins the expected algorithm and key on the server side instead of trusting the token's alg header, uses a strong secret or an asymmetric algorithm such as RS256 or ES256, and checks the signature and the registered claims (exp, nbf, iss, aud) on every request.