JWTs are a collection of [[IETF RFC]] (proposed) standards for formatting, signing, encrypting, and verifying secure payloads in a JSON format. JWTs themselves are just a way of sending data that may optionally be encrypted and/or signed with a key, either symmetric (shared secret) or asymmetric. They typically consist of a payload and a protected header. They are, IMO, a standardization of format over several common practices around authentication in web applications. The common standard formats include **JSON Web Encryption (JWE)** and **JSON Web Signature (JWS)**, both built on the [[JSON]] standard format. There are additionally several standard sub-structures.