What it is#
A is three base64url-encoded segments separated by dots: a header describing the algorithm, a payload containing claims, and a signature over the first two. Libraries verify the signature, parse the claims, and hand them to the application. The format is well specified in RFC 7519, but the ecosystem of libraries around it has produced a long catalog of implementation bugs.
Why it matters#
JWTs are the default session token in most modern APIs. A bypass in the verification logic frequently translates into a full authentication bypass across every authenticated route. Attackers target three recurring flaws: alg=none acceptance, HS256/RS256 key confusion, and unverified kid headers that let the token pick its own signing key.
Mitigation direction#
Hard-code the accepted algorithm on the verifier. Never let the token’s header dictate the key or the algorithm. Use audience and issuer claims, enforce short expirations, and rotate signing keys with a schedule that does not require a library upgrade to honour.