Structure

Header: alg + typ. Payload: claims (sub, exp, iat, iss). Signature: HMAC or RSA/ECDSA over base64url(header) + "." + base64url(payload).


Common attacks

alg=none: signature check is skipped if the library honours the header. Key confusion: token signed with alg=HS256 using the server's RSA public key as the HMAC secret; succeeds when the verifier lets the token's alg header choose the algorithm. Weak HMAC secrets → offline brute-force.


Best practices

Explicit alg allowlist (the verifier fixes the algorithm, never the token's header). Short expiry (exp). Verify iss and aud. Rotate signing keys. HTTPS transport only.
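Added example (not from the original page): a minimal HS256 verifier using only the standard library that applies the points above, and so rejects the alg=none and alg-confusion tokens from the attacks section. The secret, issuer and audience values are constructed for the test; sign_hs256 is a test-token builder whose header override exists only so malformed tokens can be built for the verifier to reject.

```python
import base64, hmac, hashlib, json, time
from typing import Optional

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims: dict, secret: bytes, header: Optional[dict] = None) -> str:
    # Test-token builder (constructed for this example). The header override
    # is only here so the tests can produce tokens the verifier must reject.
    header = header or {"alg": "HS256", "typ": "JWT"}
    signing_input = (b64url_encode(json.dumps(header, separators=(",", ":")).encode())
                     + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify_hs256(token: str, secret: bytes, issuer: str, audience: str,
                 now: Optional[float] = None) -> dict:
    """Return the claims if the token is valid, otherwise raise ValueError."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have exactly three segments")
    h64, p64, s64 = parts
    header = json.loads(b64url_decode(h64))
    # Allowlist: the verifier decides the algorithm; the token header does not.
    # This single check rejects alg=none and HS256/RS256 confusion alike.
    if header.get("alg") != "HS256":
        raise ValueError(f"disallowed alg {header.get('alg')!r}")
    expected = hmac.new(secret, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p64))
    # exp is mandatory here: a token without it could never expire.
    if "exp" not in claims or now >= claims["exp"]:
        raise ValueError("expired or missing exp")
    if claims.get("iss") != issuer:
        raise ValueError("unexpected iss")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("unexpected aud")
    return claims
```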

Not for sessions

Can't be revoked before exp. Size grows with claims and travels on every request. Use an opaque session ID backed by Redis for typical web sessions; JWT for cross-domain API auth.