# JWT - JSON Web Token
### What?
JSON Web Token (JWT) is an open standard for transferring information between two parties `securely` as a JSON object.
It consists of 3 parts separated by dots (.). These are:
1. Header
2. Payload
3. Signature
Each part is Base64URL-encoded before the parts are joined into the final token. So the final token may look like this:
```
xxxxxx.yyyyyy.zzzzzz
```
### Types
1. **Encrypted**:
   - Can verify the integrity of the claims it contains and hides them
   - All information held in the token is encrypted, so it's suitable if the token contains sensitive information
2. **Signed**:
   - Can verify the integrity of the claims it contains, but cannot hide them
   - Can certify the party when signed with a public/private key pair
   - All information held in the token is exposed to users/other parties, although they cannot change it. Thus secret/sensitive information should not be put here
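
An added example, not code from this README or from the libraries it links: HS256 signing with only the Go standard library, showing that the payload of a signed token decodes without the key while any change to it fails verification. The function names, key and claims are constructed for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding // Base64URL without padding, as JWT uses
func mac(input string, key []byte) []byte { // HMAC-SHA256 over "header.payload"
	h := hmac.New(sha256.New, key)
	h.Write([]byte(input))
	return h.Sum(nil)
}

// Sign builds header.payload.signature with a fixed HS256 header.
func Sign(payloadJSON string, key []byte) string {
	input := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) +
		"." + b64.EncodeToString([]byte(payloadJSON))
	return input + "." + b64.EncodeToString(mac(input, key))
}

// Decode needs no key: the claims of a signed token are readable by anyone.
func Decode(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("token must have 3 parts, got %d", len(parts))
	}
	p, err := b64.DecodeString(parts[1])
	return string(p), err
}

// Verify recomputes the MAC over header.payload and compares in constant time.
func Verify(token string, key []byte) bool {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return false
	}
	sig, err := b64.DecodeString(parts[2])
	return err == nil && hmac.Equal(sig, mac(parts[0]+"."+parts[1], key))
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key and claims
	tok := Sign(`{"sub":"alice","admin":false}`, key)
	claims, _ := Decode(tok)
	fmt.Println(tok, claims, Verify(tok, key))
}
```

This code checks only the signature; it does not inspect the header's `alg` or any claim such as `exp`.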
### Why JWT?
* When encoded, it's smaller in size compared to other options
* Simplicity
* Availability of JSON parser in most programming languages
* Ease of client-side processing across multiple platforms, especially mobile
### Sample Decoded Token

### Library
There are a few Go libraries available for JWT, which you can find on [JWT's official site](https://jwt.io/) and in [awesome-go](https://github.com/avelino/awesome-go#authentication-and-oauth).
[`Jose`](https://github.com/SermoDigital/jose) has more functionality to offer than [`jwt-go`](https://github.com/dgrijalva/jwt-go). `jwt-go` seems to be more popular if GitHub repo stars are taken as the measure of popularity. However, both repos seem to be used very frequently for JWT.
Among others, `cristalhq-jwt` and `jwt` seemed good for use.
### Links
1. [Official site](https://jwt.io/)
2. [SermoDigital-jose](https://github.com/SermoDigital/jose)
3. [jwt-go](https://github.com/dgrijalva/jwt-go)
4. [jwt](https://github.com/pascaldekloe/jwt)
5. [cristalhq-jwt](https://github.com/cristalhq/jwt)