JWT Authentication

Overview

JWT provides stateless authentication by embedding user claims in a signed token. This skill should be invoked when implementing API authentication, single sign-on, or stateless session management.

Core Principles

• Stateless: No server-side session storage needed
• Signed: Use HMAC or RSA for token signing
• Claims-Based: Embed user info in token payload
• Expiration: Set appropriate token lifetimes

Preparation Checklist

• Choose signing algorithm (HS256, RS256)
• Generate secret key or key pair
• Define token claims structure
• Plan token storage strategy