How to Sign and Validate JSON Web Tokens (JWT)

When I started learning about JSON Web Tokens, there were some things that were straightforward to understand — and some concepts that felt like “hidden secrets” of JWT lore. 🧙‍♂️

This article aims to demystify signing and validating JSON Web Tokens, with little need for security or cryptography knowledge.

Authorization and Authentication for Everyone

Authentication and authorization are necessary for many of the applications we build. Maybe you’ve developed apps and implemented authentication and authorization in them — possibly by importing a third-party auth library or by using an identity platform.

Maybe you got the job done, but you really weren’t clear on what was happening behind the scenes, or why things were being done a certain way. If you’d like to build a foundational understanding of what goes on behind the scenes when using the OAuth 2.0 and OpenID Connect standards, read on!