To validate a Json Web Token: choose the target algorithm, paste in your encryption key or private/pubice key paris, then paste your jwt on the left.
To generate a Json Web Token: choose the target algorithm, enter your header, playload in json format, then choose or generate an encryption.
What is a JWT?
A JWT or JSON Web Token is a token used to authenticate user actions. Some non-sensitive user info are stored in the payload section of a JWT so the backend server can validate the identify of the client without having to call the user authencation server.
To validate a JWT, the backend server compares the signature section of the JWT with the hashed value of the payload to make sure the payload and hence the JWT has not been tampered with.
Some pros of JWT include: no database table, simpler to use, and used across services.
Some cons of JWT include: somewhat weaker security with just one secret key used, cannot be revoked by the backend, payload data are transparent thus making it tricky to handle on the client side.
JWT is one of the most widely used user authentication protocol.