It's a long answer which really depends on your application but memory or DB would be ok for server-side applications. For mobile or desktop, you'll more likely need to rely on something else...Keychain / Keystore / CredsLocker

JWT is used for authentication, not encryption.

@@GaryClarkeTech thank you nice video

In php you can do something like this...this is a little simplified but you should get the idea // Your data and secret key $data = "Your data here"; $secret_key = "your_secret_key"; // Create a signature using a cryptographic hash function, e.g., SHA-256 $signature = hash_hmac('sha256', $data, $secret_key, true); // Encode the signature in Base64 $encoded_signature = base64_encode($signature); echo $encoded_signature;

Awesome, thank you!

No problems at all... hopefully it helps! 🙂 I was about to get to work writing JWT's into one of my web apps, although now I'm not sure what the advantage of using JWT is over sessions in PHP? I was originally going to do it because I'm having trouble with cookies expiring after 15 mins unattended (think its the web server)... then I read people say don't store JWT in local storage, only in cookies... but my cookies are expiring anyway, so JWT would die with the expired cookie. What do you think the key advantage to using a JWT is? Thanks for your time... :-)