What Is the Algorithm in a JWT?
The JWT header contains a field called alg (algorithm), which indicates the method used to sign the token. This algorithm helps create and verify the signature.
| Key | Value |
|---|---|
alg |
HS256 |
typ |
JWT |
What Is the "none" Algorithm?
JWT contains a special value: alg: none. This means the token has no signature — that is, the token has not been signed at all.
{
"alg": "none",
"typ": "JWT"
}
alg: none has no cryptographic signature. If a server accepts it, there is nothing to verify — any attacker can forge any payload they want.
How Does the Attack Work?
Let's assume your server does not perform the correct checks when verifying the JWT. Here is what an attacker can do:
- Obtain a valid JWT from a normal login
- Change its header → set
alg: none - Remove the signature entirely
- Add arbitrary data to the payload (e.g.,
role: admin) - Send it to the server
If the server mistakenly accepts this token, the attacker can gain full access.
Simple Example
alg: HS256
role: User
[Valid Signature ✓]
alg: none
role: Admin
[No Signature ✗]
If the server doesn't verify, the attacker can become an Admin.
Why Does This Problem Occur?
This problem occurs when:
- The server does not properly check the algorithm field from the header
- The
"none"algorithm is allowed by the library or server configuration - The JWT library is used incorrectly — for example, using a decode-only function instead of verify
This is exactly why you should always use jwt.verify() and never rely on jwt.decode() alone for authentication — as explained in our guide on decoding a JWT without the secret key.
How to Avoid It?
Be sure to follow these steps:
- Disable the
"none"algorithm — always ensure your server rejects tokens withalg: none - Use a fixed algorithm — hardcode the algorithm on the server (e.g.,
HS256) and allow only that. According to OWASP's JWT security cheat sheet, always explicitly specify and enforce the expected algorithm on the server side - Use a proper JWT library — use trusted libraries that are secure by default
- Don't forget to verify the signature — always verify the JWT signature on every request
- Use updated libraries — outdated libraries may contain bugs, so always use the latest version
Quick Security Checklist
| Check | Safe? |
|---|---|
| Algorithm is hardcoded on the server | ✅ Required |
"none" algorithm is not allowed |
✅ Required |
| Signature verification runs on every request | ✅ Required |
| JWT library is trusted and up-to-date | ✅ Required |
Using alg: none in production |
❌ Never |
Things to Keep in Mind
- Don't blindly trust JWTs — always validate them
- Don't accept what's written in the header directly — never let the token dictate which algorithm to use
- Always perform server-side validation on every request
The Bottom Line
The "none" algorithm attack is a simple but dangerous method that allows an attacker to send a fake token without a signature. If you follow proper validation and security rules, this attack can be easily prevented.
- Never allow
alg: noneon your server — reject such tokens immediately - Always hardcode the expected algorithm (e.g.,
HS256) server-side - Always verify the signature on every request — never just decode
- Use a trusted, up-to-date JWT library
- Never let the token's own header decide which algorithm to use
🔐 Protect your JWT with a strong, cryptographically secure secret. Generate yours instantly at jwtsecretkeygenerator.com — free, browser-based, and never stored on any server.
Frequently Asked Questions
What is the JWT none algorithm attack?
The JWT none algorithm attack is a vulnerability where an attacker modifies a valid JWT's header to set alg to 'none' and removes the signature. If the server incorrectly accepts unsigned tokens, the attacker can forge any payload — for example, escalating their role to admin — and gain unauthorized access.
How do you prevent the JWT none algorithm attack?
Prevent the JWT none algorithm attack by: (1) Always rejecting tokens with alg set to none on the server. (2) Hardcoding the expected algorithm (e.g. HS256) in your verification logic. (3) Using a trusted, up-to-date JWT library. (4) Always verifying the signature on every request. (5) Never trusting what is written in the JWT header without server-side validation.
Why does the none algorithm attack work?
The attack works when a server does not properly validate the algorithm field in the JWT header. If the server allows the 'none' algorithm, accepts tokens without verifying the signature, or uses a misconfigured JWT library, an attacker can send a tampered, unsigned token that the server accepts as valid.
Which JWT algorithm is safe to use?
HS256 (HMAC SHA-256) is a widely used and secure algorithm for symmetric JWT signing. RS256 (RSA SHA-256) is recommended for asymmetric scenarios where separate public and private keys are needed. Always hardcode the expected algorithm on the server and never allow 'none'.
