What is JWT (JSON Web Token)?

A JSON Web Token (JWT) is a compact, URL-safe token made of three Base64URL-encoded parts — header, payload, and signature — separated by dots. It carries "claims" (such as a user ID and expiry) and is commonly used for stateless authentication and authorization.

The signature lets the recipient verify the token was not tampered with. Note that the payload is only encoded, not encrypted, so never put secrets in a JWT.