JWT is JSON web token, It has an information about expire date, email etc.., It helps to validate your request once you loggedIn to website. it was issued by server with secrete.

IS JWT Secure?

Yes, You can see the information of jwt but you can’t change the information because server generated jwt using secret key so if you change the information of jwt but the server[JWT generated server] is no longer to verify because of secrete mismatch.

How to generate JWT?

Every programming language has support to generate and verify the jwt with help of certain library.

What does JWT contains?

JWT has 3 section Header,Payload,Verify Signature, Header has an information about algorithm you used to encrypt, Payload has an actual information you need,Verify signature is signed by server using payload and secrete,Server won’t validate the jwt when you change jwt payload explicitly.

Note:- Never store password in Jwt

Example:-eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Visit below link to know more about Jwt

https://jwt.io/