What is JWT (JSON Web Token)?
A compact, self-contained token format for transmitting claims between parties.
A JSON Web Token (JWT) is a compact, URL-safe token that encodes a JSON payload and signs it cryptographically. A JWT consists of three base64url-encoded parts separated by dots: the Header (signing algorithm), the Payload (claims such as user ID, roles, and expiry), and the Signature (used to verify the first two parts). The signature uses either a shared secret (HMAC-SHA256, "HS256") or an asymmetric key pair (RSA-SHA256, "RS256"). JWTs are stateless: the server does not need to look up a session. Note that base64url is an encoding, not encryption, so anyone holding the token can read the payload. Common pitfall: JWTs can't be revoked before expiry without a token blocklist.
More Security Terms
DevSecOps
Integrating security practices into every stage of the DevOps pipeline.
Falco
A runtime security tool that detects anomalous behavior in containers using eBPF/syscalls.
mTLS (Mutual TLS)
Two-way TLS authentication where both client and server verify each other's certificates.
OAuth2
An authorization framework allowing third-party apps limited access to user accounts.
OIDC (OpenID Connect)
An identity layer on top of OAuth2 that provides user authentication.
OPA (Open Policy Agent)
A general-purpose policy engine for enforcing authorization decisions across the stack.