jsonwebtoken

jsonwebtoken is the most widely used library for creating and verifying JSON Web Tokens (JWTs) in Node.js. JWTs are compact, URL-safe tokens that encode claims (data) as a JSON payload, signed with a secret (HMAC) or public/private key pair (RSA, ECDSA) to ensure integrity and authenticity. The library provides jwt.sign() for creating tokens with payload data, expiration times, issuers, and audiences, and jwt.verify() for validating tokens and extracting the decoded payload. JWTs are commonly used for stateless authentication in REST APIs — after login, the server issues a JWT that the client includes in subsequent requests, allowing the server to verify identity without session storage. The library supports symmetric signing (HS256, HS384, HS512) using a shared secret, and asymmetric signing (RS256, RS384, RS512, ES256, ES384, ES512, PS256) using RSA or ECDSA key pairs. jsonwebtoken handles token expiration checking, not-before claims, issuer and audience validation, and provides options for ignoring expiration during development. While the jose library offers a more modern, standards-compliant alternative, jsonwebtoken remains the most popular JWT library due to its simplicity and widespread adoption.