WTF Are JWTs?

JSON Web Tokens (JWTs) are standardized, compact, self-contained tokens for transmitting information securely between two parties. They emerged in the early 2010s as a more efficient and stateless alternative to traditional session-based authentication. JWTs consist of three base64-encoded segments: header, payload, and signature. The payload contains the actual data being transmitted, while the signature ensures the token's authenticity. JSON Web Key Sets (JWKS) provide a standardized way for services to share public keys used for verifying JWTs. In Neon Authorize, JWT claims are used to enforce row-level security policies in Postgres databases, ensuring users can only access data they are authorized to see.