Structure
Header: alg + typ. Payload: claims (sub, exp, iat, iss). Signature: HMAC or RSA/ECDSA signature over the encoded header and payload.
Common attacks
alg=none: signature check is skipped if the library honours the header's alg. Key confusion attack: token presented with alg=HS256 and the server's public RSA key used as the HMAC secret, accepted by a verifier that trusts the header's alg. Weak HMAC secrets → brute-force.
Best practices
Explicit alg allowlist on the verifier (never trust the token's own alg). Short expiry (exp). Verify iss and aud. Rotate signing keys. HTTPS transport only.
Not for sessions
Cannot be revoked before exp. Token grows as claims are added. Use an opaque session ID stored server-side (e.g. Redis) for typical web sessions; reserve JWT for cross-domain API auth.