Grateful Grateful - 11 months ago 90
Node.js Question

Signing and verifying JWTs from two different platforms?

I am currently investigating the implementation of session-less authentication. However, I am wondering whether it is possible to create/sign JWT with something like Node.js, but decode/verify it with something else like PHP?

Any pointers would be appreciated.

Answer Source

Yes, JWT is a standard that specifies all the details related to the format, including creation and verification. It doesn't specify anything that is technology specific, which means completely disparate technologies can implement libraries that understand the JWT token format.

For example, you could use node-jsonwebtoken on the Node.js side of things and then php-jwt in your PHP application.

There could even be more than one library supporting JWT in your technology of choice. A good resource on this is to check the Libraries section of to see a list of available libraries.

Be advised that not all the libraries are created equal. Some may support more functionality than the others.