A compact token format used to securely pass user identity between your app and server.
A JWT (JSON Web Token, pronounced "jot") is a compact, self-contained token used for authentication. After you log in, the server creates a JWT containing your user ID and permissions, signed with a secret key. Your browser sends this token with every request.
JWTs are "self-contained" because the server can verify them without checking a database: the signature proves the data hasn't been tampered with. They're transmitted securely over HTTPS/SSL. Supabase uses JWTs for RLS (Row Level Security) policies.
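JWTs consist of three parts, separated by dots: header (algorithm), payload (user data), and signature (cryptographic verification of the header and payload). The header and payload are Base64url-encoded, not encrypted, so anyone holding the token can read them; the signature only guarantees they haven't been changed. JWTs are central to modern API security and OAuth flows.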
In Supabase authentication, JWTs serve as access tokens: short-lived credentials sent with every request. They work alongside refresh tokens, which are used to obtain new JWTs when they expire.