https://github.com/bhandarisachindev/NodeBackend Day14
JWT (JSON Web Token) is a compact, signed way to represent user identity and permissions between client and server — often used for authentication. Note that a plain JWT is signed, not encrypted: its contents can be read by anyone who holds it.
A JWT is three base64url-encoded segments separated by dots:
xxxxx.yyyyy.zzzzz
It has 3 parts:
| Part | Name | Contains |
|---|---|---|
| 1️⃣ Header | Metadata | Type of token + algorithm used (e.g., HS256) |
| 2️⃣ Payload | Data (claims) | User info, roles, token expiry, etc. Only base64url-encoded, so never put secrets in it |
| 3️⃣ Signature | Integrity check | HMAC (e.g., HS256) or digital signature (e.g., RS256) over header + payload, so any change is detected; it is not encryption |

Why JWTs are popular:

| Feature | Benefit |
|---|---|
| ✅ Stateless | Server doesn’t need sessions or DB lookups (the trade-off: a token can’t be revoked before it expires unless the server keeps extra state) |
| ✅ Self-contained | All info is in the token itself |
| ✅ Tamper-proof | Signature ensures it wasn’t modified |
| ✅ Fast | Lightweight — just a string |
For HMAC algorithms such as HS256, the JWT secret is a shared secret string that the server uses to both sign and verify JSON Web Tokens (JWTs); for asymmetric algorithms such as RS256, a private key signs and the matching public key verifies. The secret is what ensures that a token is valid and hasn't been tampered with, so it must be long, random, and kept out of source control (environment variables or a secrets manager).
https://jwtsecrets.com/#generator