π JWT Explained Like You're 5
Building AI systems and writing about how they actually work. Master of AI @ University of Technology Sydney. Previously B.Tech CS with focus on IoT. I believe the best way to learn is to explain. That's why I'm documenting tech concepts with simple analogies (@sreekarreddy.com). AWS Certified β’ Azure AI Certified β’ Neo4j Professional β’ Google Data Analytics When not coding: exploring Sydney, working on side projects, and teaching tech to anyone who'll listen.
A signed badge with your ID
Day 8 of 149
π Full deep-dive with code examples
The Movie Theater Ticket
You buy a movie ticket at the counter.
The ticket has:
- Movie name: "Spider-Man"
- Time: 7:00 PM
- Seat: B12
- A special hologram so staff know it's real
You don't need to show your ID again. The ticket proves you paid!
JWT is a digital ticket for websites!
What JWT Stands For
JSON Web Token
- JSON: A format for data
- Web: Used on the internet
- Token: A small piece of proof
What's Inside a JWT
Three parts, separated by dots:
eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiU3JlZWthciJ9.signature
β β β
Header Payload Signature
(how it's made) (your info) (proof it's real)
Payload might contain:
- Your user ID
- Your name
- When it expires
Signature = The hologram. It lets the server detect tampering.
How It Works
- You log in using a password
- Server creates a JWT with your info
- Server sends JWT to you
- You send JWT with every future request
- Server checks signature β Trusts the info inside
In some designs, the server can verify the token without looking up a session record each time (though many systems still do lookups for permissions, revocation, or fresh user data).
In One Sentence
JWT is a signed, tamper-evident token format that can carry identity/authorization claims between a client and a server.
Note: A JWT is usually signed, not encrypted β so it shouldn't contain secrets.
π Enjoying these? Follow for daily ELI5 explanations!
Making complex tech concepts simple, one day at a time.