Why should I use JWT and not a simple hashed token?

Tags: php, jwt

What is the need for JWT as there shall be no sensitive information shared?

I could create a token column, store it in the DB and recall it to cross-verify the token and get the user details.

The custom generated token can be hashed with a key so it's not decoded. When it's so simple, why use a complicated JWT kind that has information?

Alaksandar Jesus Gene asked Oct 18 '22 18:10


1 Answer

What is the need for JWT as there shall be no sensitive information shared?

A subject with a private id, the expiration date, or the issuer cannot be considered sensitive in most cases. And a token must be kept private between both parties since possession is the proof-of-authentication.

In any case, JWT content can be encrypted using JWE.

The custom generated token can be hashed with a key so it's not decoded. When it's so simple, why use a complicated JWT kind that has information?

JWT, compared with an opaque token system, has some advantages:

  • no need for server storage of tokens
  • tokens have an expiration date
  • share information securely between parties.

And drawbacks...

  • No revocation mechanism. It is not recommended to set a blacklist because it breaks JWT statelessness
  • Increases token size
pedrofb answered Oct 20 '22 16:10
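The trade-off the answer describes, as an added example that is not part of the question or the answer: a minimal HS256 JWT built from the Python standard library (the helper names `jwt_sign`, `jwt_verify`, `OpaqueTokenStore` and `demo` are assumptions for this illustration, and the key and timestamps are constructed). It shows what the answer lists: the JWT is verified with no server lookup and carries its own expiry, any change to its claims breaks the signature, and, as the drawback, it stays valid until `exp` because there is no state to delete. The opaque-token store beside it is the "hashed token column" from the question: it needs a database row per token but can revoke instantly.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time


def _b64url(data: bytes) -> str:
    # JWT uses base64url without padding
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def jwt_sign(claims: dict, key: bytes) -> str:
    """Hypothetical helper: produce a compact HS256 JWT over the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def jwt_verify(token: str, key: bytes, now: float):
    """Hypothetical helper: return the claims if signature and 'exp' check out, else None.
    No server-side lookup is needed; the token carries everything the check requires."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(_b64url_decode(h))
    if header.get("alg") != "HS256":  # accept only the algorithm we issued with
        return None
    expected = hmac.new(key, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return None
    claims = json.loads(_b64url_decode(p))
    if "exp" not in claims or now >= claims["exp"]:
        return None
    return claims


class OpaqueTokenStore:
    """The question's approach: a server-side table keyed by the SHA-256 of a random token.
    Storing only the hash means a leaked table does not hand out usable tokens."""

    def __init__(self):
        self._rows = {}  # sha256(token) -> user record

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode("ascii")).hexdigest()

    def issue(self, user_id: str) -> str:
        token = secrets.token_urlsafe(32)
        self._rows[self._key(token)] = {"sub": user_id}
        return token

    def lookup(self, token: str):
        return self._rows.get(self._key(token))

    def revoke(self, token: str) -> None:
        self._rows.pop(self._key(token), None)


def demo() -> dict:
    """Run both schemes on constructed data and report which checks hold."""
    key = b"constructed-demo-key-not-for-production"
    now = 1_700_000_000  # constructed clock value, seconds since the epoch
    token = jwt_sign({"sub": "42", "iss": "example", "exp": now + 900}, key)
    out = {"valid": jwt_verify(token, key, now) is not None}

    # Swap the payload for one claiming a different user but keep the original signature
    h, _p, s = token.split(".")
    other = _b64url(json.dumps({"sub": "1", "iss": "example", "exp": now + 900},
                               separators=(",", ":")).encode())
    out["tampered_rejected"] = jwt_verify(f"{h}.{other}.{s}", key, now) is None
    out["expired_rejected"] = jwt_verify(token, key, now + 901) is None
    # Drawback from the answer: nothing server-side to delete, so a "logged out" token still verifies
    out["jwt_valid_after_logout"] = jwt_verify(token, key, now + 1) is not None

    store = OpaqueTokenStore()
    opaque = store.issue("42")
    out["opaque_valid"] = store.lookup(opaque) == {"sub": "42"}
    store.revoke(opaque)
    out["opaque_revoked"] = store.lookup(opaque) is None
    return out


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The `alg` check in `jwt_verify` is deliberate: a verifier that trusts the algorithm named in the header can be talked into a different one, so a real implementation pins the algorithm it expects, exactly as a library should. Expiry is checked with `>=` so a token is invalid from the `exp` instant onward.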