[{"data":1,"prerenderedAt":3046},["ShallowReactive",2],{"/post/everything-about-json-web-tokens-explained":3,"related-/backend/everything-about-json-web-tokens-explained":1442},{"id":4,"title":5,"author":6,"body":7,"date":1426,"description":1427,"draft":1428,"extension":1429,"guide":1430,"image":1431,"meta":1432,"navigation":428,"path":1433,"seo":1434,"stem":1435,"tags":1436,"__hash__":1441},"blog/Backend/1.everything-about-json-web-tokens-explained.md","Everything You Actually Need to Know About JWT (Without the Fluff)","Kashyap Kumar",{"type":8,"value":9,"toc":1400},"minimark",[10,14,19,30,37,43,47,55,68,72,79,82,127,130,134,145,152,157,172,231,250,254,265,359,368,372,379,481,488,492,499,502,506,509,623,627,637,641,654,659,663,666,670,677,680,684,695,698,707,711,714,787,793,830,835,1075,1079,1082,1087,1101,1106,1129,1138,1142,1145,1150,1167,1172,1188,1192,1199,1202,1241,1245,1248,1317,1322,1386,1390,1396],[11,12,13],"p",{},"Welcome, engineers! Today, we’re going to demystify JSON Web Tokens (JWT). By the end of this article, you’ll understand what JWTs are, why they’re used everywhere, and how they work under the hood—all with simple analogies and practical examples.",[15,16,18],"h2",{"id":17},"what-is-jwt-and-why-does-it-matter","What is JWT and Why Does it Matter?",[11,20,21,25,26,29],{},[22,23,24],"strong",{},"JSON Web Token (JWT)"," is an open internet standard defined in ",[22,27,28],{},"RFC 7519",". At its core, it is a compact, URL-safe string that encodes a set of claims — verifiable facts about a user or session — as a JSON object, and then digitally signs them so the receiver can trust what they read.",[11,31,32,33,36],{},"Think of a JWT the way you think of a ",[22,34,35],{},"government-issued ID card",". The card contains your name, date of birth, and a photo. Anyone who sees it can read the information. But crucially, it carries an official seal or hologram that only the government can produce — so you can't just forge one at home. JWT works on exactly the same principle: the token carries readable data, but it is cryptographically sealed so nobody can tamper with it.",[38,39,40],"blockquote",{},[11,41,42],{},"Imagine you log into your company's internal dashboard. The server creates a little \"badge\" for you that says: \"This person is X, their role is admin, and this badge is valid until 5 PM.\" The badge is stamped with the server's private seal. Every time you visit a protected page, you flash this badge at the door. The door doesn't need to call HR — it can verify the stamp itself, instantly.",[15,44,46],{"id":45},"a-real-world-example","A Real-World Example",[11,48,49,50,54],{},"You open your favourite music streaming app. You type your email and password and hit \"Log In\". The app's server checks your credentials and, upon success, generates a JWT that encodes your user ID, subscription tier, and an expiration time of one hour. It sends this token back to your browser. For the rest of the session, every API request your browser makes — \"fetch my playlists,\" \"play this song,\" \"update my preferences\" — attaches this JWT in the ",[51,52,53],"code",{},"Authorization"," header. The API server reads and verifies the token and immediately knows who you are and what you're allowed to do, without a single database lookup.",[38,56,57],{},[11,58,59,60,63,64,67],{},"Why this matters\nIn a world of microservices, mobile apps, and third-party APIs, passing session cookies between services is cumbersome and fragile. JWTs are ",[22,61,62],{},"stateless"," and ",[22,65,66],{},"self-contained"," — any service that knows the signing key can independently verify a token with zero coordination.",[15,69,71],{"id":70},"the-problem-jwt-solves","The Problem JWT Solves",[11,73,74,75,78],{},"Before JWTs, the dominant approach was ",[22,76,77],{},"server-side sessions",". When you logged in, the server would create a session record in a database or in memory and hand you a random session ID (typically stored in a cookie). On every request, the server would look up that session ID to figure out who you were.",[11,80,81],{},"This worked fine for small, single-server applications. But it had serious problems at scale:",[83,84,85,95,103,119],"ul",{},[86,87,88,91,94],"li",{},[22,89,90],{},"Stickiness problem",[92,93],"br",{},"If you have 10 servers behind a load balancer, the server that created your session must also be the one that receives future requests — otherwise it won't find your session in memory.",[86,96,97,100,102],{},[22,98,99],{},"Database bottleneck",[92,101],{},"Every protected API call requires a database query to validate the session. Under heavy traffic, this becomes a significant overhead.",[86,104,105,108,110,111,114,115,118],{},[22,106,107],{},"Cross-domain friction",[92,109],{},"Cookies work poorly across different domains. If your frontend is on ",[51,112,113],{},"app.example.com"," and your API is on ",[51,116,117],{},"api.other.com",", sharing session cookies requires careful and fragile CORS configuration.",[86,120,121,124,126],{},[22,122,123],{},"Microservices mismatch",[92,125],{},"In a microservices architecture, each service would need to either share a session store or call a central auth service on every request. Both options add latency and coupling.",[11,128,129],{},"JWTs eliminate these problems. The token itself is the session — it carries all the information needed for verification. No shared state. No database lookup. No sticky sessions.",[15,131,133],{"id":132},"structure-of-a-jwt-three-parts-separated-by-dots","Structure of a JWT: Three Parts, Separated by Dots",[11,135,136,137,140,141,144],{},"A JWT looks intimidating at first glance — just a long blob of characters. But it has a very precise structure: ",[22,138,139],{},"three Base64URL-encoded sections",", separated by dots (",[51,142,143],{},".",").",[11,146,147],{},[148,149],"img",{"alt":150,"src":151},"Structure of JWT","/post-images/everything-about-json-web-tokens-explained/structure-of-jwt.png",[153,154,156],"h3",{"id":155},"part-1-the-header","Part 1 — The Header",[11,158,159,160,163,164,167,168,171],{},"The header is a ",[22,161,162],{},"JSON object"," that declares the ",[22,165,166],{},"token type"," and the ",[22,169,170],{},"signing algorithm",". It's Base64URL encoded and placed as the first segment.",[173,174,179],"pre",{"className":175,"code":176,"language":177,"meta":178,"style":178},"language-json shiki shiki-themes github-dark","{\n  \"alg\": \"HS256\",   // Algorithm: HMAC + SHA-256\n  \"typ\": \"JWT\"    // Token type: JSON Web Token\n}\n","json","",[51,180,181,190,211,225],{"__ignoreMap":178},[182,183,186],"span",{"class":184,"line":185},"line",1,[182,187,189],{"class":188},"s95oV","{\n",[182,191,193,197,200,204,207],{"class":184,"line":192},2,[182,194,196],{"class":195},"sDLfK","  \"alg\"",[182,198,199],{"class":188},": ",[182,201,203],{"class":202},"sU2Wk","\"HS256\"",[182,205,206],{"class":188},",   ",[182,208,210],{"class":209},"sAwPA","// Algorithm: HMAC + SHA-256\n",[182,212,214,217,219,222],{"class":184,"line":213},3,[182,215,216],{"class":195},"  \"typ\"",[182,218,199],{"class":188},[182,220,221],{"class":202},"\"JWT\"",[182,223,224],{"class":209},"    // Token type: JSON Web Token\n",[182,226,228],{"class":184,"line":227},4,[182,229,230],{"class":188},"}\n",[11,232,233,234,237,238,241,242,245,246,249],{},"Common values for ",[51,235,236],{},"alg"," include ",[51,239,240],{},"HS256"," (symmetric key, shared secret), ",[51,243,244],{},"RS256"," (RSA asymmetric key pair), and ",[51,247,248],{},"ES256"," (Elliptic Curve). The choice of algorithm has significant security implications, which we'll cover in the Signing section.",[153,251,253],{"id":252},"part-2-the-payload","Part 2 — The Payload",[11,255,256,257,260,261,264],{},"The payload is the ",[22,258,259],{},"actual data"," — a JSON object of key-value pairs called ",[22,262,263],{},"claims",". Claims describe the user or session and carry any additional information the application needs.",[173,266,268],{"className":175,"code":267,"language":177,"meta":178,"style":178},"{\n  \"sub\":  \"user_123\",       // Subject: who this token is about\n  \"name\": \"Kashyap\",        // Custom claim: user's display name\n  \"role\": \"admin\",         // Custom claim: access role\n  \"iat\":  1716239022,      // Issued At (Unix timestamp)\n  \"exp\":  1716242622       // Expires At (iat + 1 hour)\n}\n",[51,269,270,274,291,307,323,340,354],{"__ignoreMap":178},[182,271,272],{"class":184,"line":185},[182,273,189],{"class":188},[182,275,276,279,282,285,288],{"class":184,"line":192},[182,277,278],{"class":195},"  \"sub\"",[182,280,281],{"class":188},":  ",[182,283,284],{"class":202},"\"user_123\"",[182,286,287],{"class":188},",       ",[182,289,290],{"class":209},"// Subject: who this token is about\n",[182,292,293,296,298,301,304],{"class":184,"line":213},[182,294,295],{"class":195},"  \"name\"",[182,297,199],{"class":188},[182,299,300],{"class":202},"\"Kashyap\"",[182,302,303],{"class":188},",        ",[182,305,306],{"class":209},"// Custom claim: user's display name\n",[182,308,309,312,314,317,320],{"class":184,"line":227},[182,310,311],{"class":195},"  \"role\"",[182,313,199],{"class":188},[182,315,316],{"class":202},"\"admin\"",[182,318,319],{"class":188},",         ",[182,321,322],{"class":209},"// Custom claim: access role\n",[182,324,326,329,331,334,337],{"class":184,"line":325},5,[182,327,328],{"class":195},"  \"iat\"",[182,330,281],{"class":188},[182,332,333],{"class":195},"1716239022",[182,335,336],{"class":188},",      ",[182,338,339],{"class":209},"// Issued At (Unix timestamp)\n",[182,341,343,346,348,351],{"class":184,"line":342},6,[182,344,345],{"class":195},"  \"exp\"",[182,347,281],{"class":188},[182,349,350],{"class":195},"1716242622",[182,352,353],{"class":209},"       // Expires At (iat + 1 hour)\n",[182,355,357],{"class":184,"line":356},7,[182,358,230],{"class":188},[38,360,361],{},[11,362,363,364,367],{},"The Payload is NOT Secret\nThe payload is base64‑encoded, not encrypted. Base64URL encoding is ",[22,365,366],{},"not encryption",". Anyone who has the token can decode and read the payload. Never put passwords, credit card numbers, or anything sensitive in the payload. JWTs are designed to be tamper-proof, not confidential.",[153,369,371],{"id":370},"part-3-the-signature","Part 3 — The Signature",[11,373,374,375,378],{},"The signature is the cryptographic stamp that proves the token has not been altered. The signature is created by combining the encoded header, encoded payload, a ",[22,376,377],{},"secret"," (or private key), and the algorithm specified in the header.",[173,380,384],{"className":381,"code":382,"language":383,"meta":178,"style":178},"language-js shiki shiki-themes github-dark","// Pseudocode\nconst data = base64url(header) + \".\" + base64url(payload);\n\n// For HS256 (symmetric)\nsignature = HMAC_SHA256(data, SECRET_KEY);\n\n// For RS256 (asymmetric)\nsignature = RSA_SHA256_SIGN(data, PRIVATE_KEY);\n","js",[51,385,386,391,424,430,435,455,459,464],{"__ignoreMap":178},[182,387,388],{"class":184,"line":185},[182,389,390],{"class":209},"// Pseudocode\n",[182,392,393,397,400,403,407,410,413,416,419,421],{"class":184,"line":192},[182,394,396],{"class":395},"snl16","const",[182,398,399],{"class":195}," data",[182,401,402],{"class":395}," =",[182,404,406],{"class":405},"svObZ"," base64url",[182,408,409],{"class":188},"(header) ",[182,411,412],{"class":395},"+",[182,414,415],{"class":202}," \".\"",[182,417,418],{"class":395}," +",[182,420,406],{"class":405},[182,422,423],{"class":188},"(payload);\n",[182,425,426],{"class":184,"line":213},[182,427,429],{"emptyLinePlaceholder":428},true,"\n",[182,431,432],{"class":184,"line":227},[182,433,434],{"class":209},"// For HS256 (symmetric)\n",[182,436,437,440,443,446,449,452],{"class":184,"line":325},[182,438,439],{"class":188},"signature ",[182,441,442],{"class":395},"=",[182,444,445],{"class":405}," HMAC_SHA256",[182,447,448],{"class":188},"(data, ",[182,450,451],{"class":195},"SECRET_KEY",[182,453,454],{"class":188},");\n",[182,456,457],{"class":184,"line":342},[182,458,429],{"emptyLinePlaceholder":428},[182,460,461],{"class":184,"line":356},[182,462,463],{"class":209},"// For RS256 (asymmetric)\n",[182,465,467,469,471,474,476,479],{"class":184,"line":466},8,[182,468,439],{"class":188},[182,470,442],{"class":395},[182,472,473],{"class":405}," RSA_SHA256_SIGN",[182,475,448],{"class":188},[182,477,478],{"class":195},"PRIVATE_KEY",[182,480,454],{"class":188},[11,482,483,484,487],{},"The final JWT is just these three parts concatenated with dots: ",[51,485,486],{},"header.payload.signature",". If anyone changes even a single character in the payload, the signature will no longer match — and the server will reject the token.",[15,489,491],{"id":490},"claims-the-heart-of-the-payload","Claims — The Heart of the Payload",[11,493,494,495,498],{},"A ",[22,496,497],{},"claim"," is simply a key-value pair inside the payload. The word \"claim\" reflects the fact that the token is asserting something about a subject — \"I claim that this user is an admin\" — and the signature is what makes that assertion trustworthy.",[11,500,501],{},"Claims are categorised into three types:",[153,503,505],{"id":504},"registered-claims-standardised","Registered Claims (Standardised)",[11,507,508],{},"These are defined in RFC 7519. They are not mandatory but are strongly recommended because they are understood by all JWT libraries. They are intentionally short (3 characters) to keep tokens compact.",[510,511,512,528],"table",{},[513,514,515],"thead",{},[516,517,518,522,525],"tr",{},[519,520,521],"th",{},"Claim",[519,523,524],{},"Full Name",[519,526,527],{},"Description",[529,530,531,545,558,571,584,597,610],"tbody",{},[516,532,533,539,542],{},[534,535,536],"td",{},[51,537,538],{},"iss",[534,540,541],{},"Issuer",[534,543,544],{},"Who created and signed the token (e.g., \"auth.myapp.com\")",[516,546,547,552,555],{},[534,548,549],{},[51,550,551],{},"sub",[534,553,554],{},"Subject",[534,556,557],{},"Who the token is about (e.g., a user ID)",[516,559,560,565,568],{},[534,561,562],{},[51,563,564],{},"aud",[534,566,567],{},"Audience",[534,569,570],{},"Who the token is intended for (e.g., \"api.myapp.com\")",[516,572,573,578,581],{},[534,574,575],{},[51,576,577],{},"exp",[534,579,580],{},"Expiration",[534,582,583],{},"Unix timestamp after which the token must be rejected",[516,585,586,591,594],{},[534,587,588],{},[51,589,590],{},"nbf",[534,592,593],{},"Not Before",[534,595,596],{},"Token is invalid before this Unix timestamp",[516,598,599,604,607],{},[534,600,601],{},[51,602,603],{},"iat",[534,605,606],{},"Issued At",[534,608,609],{},"Unix timestamp when the token was created",[516,611,612,617,620],{},[534,613,614],{},[51,615,616],{},"jti",[534,618,619],{},"JWT ID",[534,621,622],{},"A unique ID for this token — useful for preventing replay attacks",[153,624,626],{"id":625},"public-claims","Public Claims",[11,628,629,630,633,634,144],{},"These are custom claims that you define yourself. To avoid conflicts with other applications, they should either be registered in the ",[22,631,632],{},"IANA JWT Registry"," or use a collision-resistant name such as a URI (e.g., ",[51,635,636],{},"\"https://myapp.com/claims/role\"",[153,638,640],{"id":639},"private-claims","Private Claims",[11,642,643,644,647,648,647,651,143],{},"These are custom claims agreed upon between the specific issuer and consumer of the token — your backend and your frontend, for example. Since they're not shared with anyone else, collision resistance doesn't matter here. Examples: ",[51,645,646],{},"\"role\"",", ",[51,649,650],{},"\"plan\"",[51,652,653],{},"\"teamId\"",[38,655,656],{},[11,657,658],{},"Practical tip\nKeep your payload small. Every API call transmits the entire token. Include only what the server actually needs to make an authorization decision — typically user ID, role, and expiration. Avoid embedding profile data that can be fetched on demand.",[15,660,662],{"id":661},"signing-algorithms","Signing Algorithms",[11,664,665],{},"JWT supports two families of signing algorithms. Choosing the right one depends on your architecture.",[153,667,669],{"id":668},"symmetric-hmac-hs256-hs384-hs512","Symmetric — HMAC (HS256, HS384, HS512)",[11,671,672,673,676],{},"Both the issuer and the verifier use the ",[22,674,675],{},"same secret key"," to sign and verify. This is simple and fast, but requires all verifying services to share the secret — meaning if any one of them is compromised, an attacker can forge tokens.",[11,678,679],{},"Best for: single-service architectures or cases where you fully control all verifying parties.",[153,681,683],{"id":682},"asymmetric-rsa-ecdsa-rs256-es256","Asymmetric — RSA / ECDSA (RS256, ES256)",[11,685,686,687,690,691,694],{},"The issuing server signs tokens with a ",[22,688,689],{},"private key",". Verifying services only need the corresponding ",[22,692,693],{},"public key",". Sharing a public key is safe — it cannot be used to forge tokens, only to verify them.",[11,696,697],{},"Best for: microservices, multi-tenant systems, and any architecture where tokens are verified by parties you don't fully control (e.g., third-party services).",[38,699,700],{},[11,701,702,703,706],{},"Never Use ",[51,704,705],{},"\"alg\": \"none\"","\nThe JWT specification technically allows a \"none\" algorithm meaning no signature at all. Some early libraries trusted this — and attackers exploited it to forge arbitrary tokens. Any production-grade library rejects unsigned tokens by default. Always verify that your library is configured to require a valid algorithm.",[15,708,710],{"id":709},"the-jwt-authentication-flow","The JWT Authentication Flow",[11,712,713],{},"Here is the complete end-to-end flow of JWT-based authentication — from login to accessing a protected resource.",[715,716,717,729,737,745,757,772],"ol",{},[86,718,719,722,724,725,728],{},[22,720,721],{},"User submits credentials",[92,723],{},"\nThe client sends a ",[51,726,727],{},"POST /login"," request with username and password over HTTPS.",[86,730,731,734,736],{},[22,732,733],{},"Server authenticates",[92,735],{},"\nThe auth server validates the credentials against the database. If correct, it proceeds to generate a token.",[86,738,739,742,744],{},[22,740,741],{},"Server issues a JWT",[92,743],{},"\nThe server builds a payload with the user's ID, role, and expiration time, signs it with the secret key, and returns the full token to the client.",[86,746,747,750,752,753,756],{},[22,748,749],{},"Client stores the token",[92,751],{},"\nThe client stores the JWT — ideally in an ",[51,754,755],{},"HttpOnly"," cookie to prevent JavaScript access (XSS protection). Local storage is convenient but less secure.",[86,758,759,762,764,765,767,768,771],{},[22,760,761],{},"Client sends the token on every request",[92,763],{},"\nFor each API call to a protected endpoint, the client attaches the token in the ",[51,766,53],{}," header using the ",[51,769,770],{},"Bearer"," schema:",[86,773,774,777,779,780,647,782,647,784,786],{},[22,775,776],{},"Server verifies and responds",[92,778],{},"\nThe API server re-computes the signature and checks the claims (",[51,781,577],{},[51,783,538],{},[51,785,564],{},"). If everything checks out, access is granted. No database call needed.",[11,788,789],{},[790,791,792],"em",{},"Step 5 — Authorization Header Format",[173,794,798],{"className":795,"code":796,"language":797,"meta":178,"style":178},"language-bash shiki shiki-themes github-dark","GET /api/playlists HTTP/1.1\nHost: api.musicapp.com\nAuthorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdW...\n","bash",[51,799,800,811,819],{"__ignoreMap":178},[182,801,802,805,808],{"class":184,"line":185},[182,803,804],{"class":405},"GET",[182,806,807],{"class":202}," /api/playlists",[182,809,810],{"class":202}," HTTP/1.1\n",[182,812,813,816],{"class":184,"line":192},[182,814,815],{"class":405},"Host:",[182,817,818],{"class":202}," api.musicapp.com\n",[182,820,821,824,827],{"class":184,"line":213},[182,822,823],{"class":405},"Authorization:",[182,825,826],{"class":202}," Bearer",[182,828,829],{"class":202}," eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdW...\n",[11,831,832],{},[790,833,834],{},"Step 3 + 6 — Node.js Example (jsonwebtoken library)",[173,836,838],{"className":381,"code":837,"language":383,"meta":178,"style":178},"const jwt = require('jsonwebtoken');\nconst SECRET = process.env.JWT_SECRET;\n\n// On login: issue a token\nfunction issueToken(user) {\n  return jwt.sign(\n    { sub: user.id, role: user.role },\n    SECRET,\n    { expiresIn: '1h', issuer: 'auth.myapp.com' }\n  );\n}\n\n// On every protected request: verify the token\nfunction verifyToken(token) {\n  try {\n    return jwt.verify(token, SECRET, {\n      issuer: 'auth.myapp.com'\n    }); // Returns decoded payload if valid\n  } catch (err) {\n    throw new Error('Invalid or expired token');\n  }\n}\n",[51,839,840,860,878,882,887,904,918,923,931,949,955,960,965,971,986,995,1015,1024,1033,1045,1064,1070],{"__ignoreMap":178},[182,841,842,844,847,849,852,855,858],{"class":184,"line":185},[182,843,396],{"class":395},[182,845,846],{"class":195}," jwt",[182,848,402],{"class":395},[182,850,851],{"class":405}," require",[182,853,854],{"class":188},"(",[182,856,857],{"class":202},"'jsonwebtoken'",[182,859,454],{"class":188},[182,861,862,864,867,869,872,875],{"class":184,"line":192},[182,863,396],{"class":395},[182,865,866],{"class":195}," SECRET",[182,868,402],{"class":395},[182,870,871],{"class":188}," process.env.",[182,873,874],{"class":195},"JWT_SECRET",[182,876,877],{"class":188},";\n",[182,879,880],{"class":184,"line":213},[182,881,429],{"emptyLinePlaceholder":428},[182,883,884],{"class":184,"line":227},[182,885,886],{"class":209},"// On login: issue a token\n",[182,888,889,892,895,897,901],{"class":184,"line":325},[182,890,891],{"class":395},"function",[182,893,894],{"class":405}," issueToken",[182,896,854],{"class":188},[182,898,900],{"class":899},"s9osk","user",[182,902,903],{"class":188},") {\n",[182,905,906,909,912,915],{"class":184,"line":342},[182,907,908],{"class":395},"  return",[182,910,911],{"class":188}," jwt.",[182,913,914],{"class":405},"sign",[182,916,917],{"class":188},"(\n",[182,919,920],{"class":184,"line":356},[182,921,922],{"class":188},"    { sub: user.id, role: user.role },\n",[182,924,925,928],{"class":184,"line":466},[182,926,927],{"class":195},"    SECRET",[182,929,930],{"class":188},",\n",[182,932,934,937,940,943,946],{"class":184,"line":933},9,[182,935,936],{"class":188},"    { expiresIn: ",[182,938,939],{"class":202},"'1h'",[182,941,942],{"class":188},", issuer: ",[182,944,945],{"class":202},"'auth.myapp.com'",[182,947,948],{"class":188}," }\n",[182,950,952],{"class":184,"line":951},10,[182,953,954],{"class":188},"  );\n",[182,956,958],{"class":184,"line":957},11,[182,959,230],{"class":188},[182,961,963],{"class":184,"line":962},12,[182,964,429],{"emptyLinePlaceholder":428},[182,966,968],{"class":184,"line":967},13,[182,969,970],{"class":209},"// On every protected request: verify the token\n",[182,972,974,976,979,981,984],{"class":184,"line":973},14,[182,975,891],{"class":395},[182,977,978],{"class":405}," verifyToken",[182,980,854],{"class":188},[182,982,983],{"class":899},"token",[182,985,903],{"class":188},[182,987,989,992],{"class":184,"line":988},15,[182,990,991],{"class":395},"  try",[182,993,994],{"class":188}," {\n",[182,996,998,1001,1003,1006,1009,1012],{"class":184,"line":997},16,[182,999,1000],{"class":395},"    return",[182,1002,911],{"class":188},[182,1004,1005],{"class":405},"verify",[182,1007,1008],{"class":188},"(token, ",[182,1010,1011],{"class":195},"SECRET",[182,1013,1014],{"class":188},", {\n",[182,1016,1018,1021],{"class":184,"line":1017},17,[182,1019,1020],{"class":188},"      issuer: ",[182,1022,1023],{"class":202},"'auth.myapp.com'\n",[182,1025,1027,1030],{"class":184,"line":1026},18,[182,1028,1029],{"class":188},"    }); ",[182,1031,1032],{"class":209},"// Returns decoded payload if valid\n",[182,1034,1036,1039,1042],{"class":184,"line":1035},19,[182,1037,1038],{"class":188},"  } ",[182,1040,1041],{"class":395},"catch",[182,1043,1044],{"class":188}," (err) {\n",[182,1046,1048,1051,1054,1057,1059,1062],{"class":184,"line":1047},20,[182,1049,1050],{"class":395},"    throw",[182,1052,1053],{"class":395}," new",[182,1055,1056],{"class":405}," Error",[182,1058,854],{"class":188},[182,1060,1061],{"class":202},"'Invalid or expired token'",[182,1063,454],{"class":188},[182,1065,1067],{"class":184,"line":1066},21,[182,1068,1069],{"class":188},"  }\n",[182,1071,1073],{"class":184,"line":1072},22,[182,1074,230],{"class":188},[15,1076,1078],{"id":1077},"validation-vs-verification","Validation vs. Verification",[11,1080,1081],{},"These two terms are often used interchangeably, but they mean different things and both are necessary.",[11,1083,1084],{},[22,1085,1086],{},"Verification (Cryptographic)",[83,1088,1089,1092,1095,1098],{},[86,1090,1091],{},"Re-computes the signature using the secret/public key",[86,1093,1094],{},"Confirms the token was issued by a trusted party",[86,1096,1097],{},"Confirms the header and payload have not been altered",[86,1099,1100],{},"A single failed bit in the signature rejects the token",[11,1102,1103],{},[22,1104,1105],{},"Validation (Claims-based)",[83,1107,1108,1114,1119,1124],{},[86,1109,1110,1111,1113],{},"Checks ",[51,1112,577],{},": is the token still valid?",[86,1115,1110,1116,1118],{},[51,1117,590],{},": is it too early to use?",[86,1120,1110,1121,1123],{},[51,1122,538],{},": is the issuer expected?",[86,1125,1110,1126,1128],{},[51,1127,564],{},": is this token meant for us?",[11,1130,1131,1132,1134,1135,143],{},"A token can pass cryptographic verification but still be invalid — for example, if it was issued yesterday and its ",[51,1133,577],{}," claim has passed. Your server must ",[22,1136,1137],{},"always do both",[15,1139,1141],{"id":1140},"trade-offs-and-limitations","Trade-offs and Limitations",[11,1143,1144],{},"JWTs are powerful but not a silver bullet. Understanding their limitations will save you from real production incidents.",[11,1146,1147],{},[22,1148,1149],{},"Strengths",[83,1151,1152,1155,1158,1161,1164],{},[86,1153,1154],{},"Stateless — no server memory or session store required",[86,1156,1157],{},"Self-contained — all info is in the token itself",[86,1159,1160],{},"Cross-domain — works across microservices and domains",[86,1162,1163],{},"Language-agnostic — libraries exist for every platform",[86,1165,1166],{},"Performance — eliminates per-request database lookups",[11,1168,1169],{},[22,1170,1171],{},"Weaknesses",[83,1173,1174,1179,1182,1185],{},[86,1175,1176,1177],{},"Hard to revoke — a valid token stays valid until ",[51,1178,577],{},[86,1180,1181],{},"Size — larger than an opaque session ID cookie",[86,1183,1184],{},"Key leak — a leaked secret allows unlimited token forgery",[86,1186,1187],{},"Complexity — more moving parts than a simple session cookie",[153,1189,1191],{"id":1190},"the-revocation-problem-in-detail","The Revocation Problem in Detail",[11,1193,1194,1195,1198],{},"This is the most common gotcha for beginners. Because JWTs are stateless, the server has no record of which tokens it issued. If a user logs out or you need to ban an account, you ",[22,1196,1197],{},"cannot invalidate a JWT that is already out in the wild"," — at least not without extra infrastructure.",[11,1200,1201],{},"The standard solutions are:",[715,1203,1204,1219,1233],{},[86,1205,1206,1209,1211,1212,1214,1215,1218],{},[22,1207,1208],{},"Short expiration times",[92,1210],{},"\nSet ",[51,1213,577],{}," to a short window (5–15 minutes). Pair with a longer-lived ",[22,1216,1217],{},"refresh token"," to silently obtain a new access token. This limits the blast radius of any stolen token.",[86,1220,1221,1224,1226,1227,1229,1230,1232],{},[22,1222,1223],{},"Token blocklist (denylist)",[92,1225],{},"\nStore revoked ",[51,1228,616],{}," (JWT ID) values in a fast store like Redis. On every request, check if the token's ",[51,1231,616],{}," is on the blocklist. This reintroduces some state but only for the invalidated tokens.",[86,1234,1235,1238,1240],{},[22,1236,1237],{},"Key rotation",[92,1239],{},"\nRotating the signing key instantly invalidates all existing tokens — a useful \"nuclear option\" in a security incident.",[15,1242,1244],{"id":1243},"best-practices","Best Practices",[11,1246,1247],{},"Security is not accidental. Here are some rules that matter most when implementing JWTs in production.",[715,1249,1250,1258,1277,1285,1293,1309],{},[86,1251,1252,1255,1257],{},[22,1253,1254],{},"Always Use HTTPS",[92,1256],{},"\nA JWT transmitted over plain HTTP can be intercepted. Always enforce TLS. There are no exceptions to this rule.",[86,1259,1260,1263,1265,1266,1269,1270,1273,1274,1276],{},[22,1261,1262],{},"Store Tokens in HttpOnly Cookies",[92,1264],{},"\nStoring JWTs in ",[51,1267,1268],{},"localStorage"," or ",[51,1271,1272],{},"sessionStorage"," makes them accessible to any JavaScript running on the page — including malicious scripts injected via XSS attacks. An ",[51,1275,755],{}," cookie is inaccessible to JavaScript by design.",[86,1278,1279,1282,1284],{},[22,1280,1281],{},"Keep Expiration Times Short",[92,1283],{},"\nAccess tokens should expire in minutes or at most an hour. Use a separate, longer-lived refresh token to renew them silently. This way, even a stolen access token is only useful for a short window.",[86,1286,1287,1290,1292],{},[22,1288,1289],{},"Never Store Sensitive Data in the Payload",[92,1291],{},"\nThe payload is only Base64URL encoded — not encrypted. Anyone who intercepts the token (even over HTTPS, if they have access to the client device) can decode it. Store only non-sensitive identifiers like user ID and role.",[86,1294,1295,1298,1300,1301,647,1303,1305,1306,1308],{},[22,1296,1297],{},"Validate All Registered Claims",[92,1299],{},"\nDo not assume your library validates everything by default. Explicitly check ",[51,1302,577],{},[51,1304,538],{},", and ",[51,1307,564],{},". The few lines of code required here prevent entire categories of attacks.",[86,1310,1311,1314,1316],{},[22,1312,1313],{},"Prefer RS256 / ES256 for Distributed Systems",[92,1315],{},"\nIn any system where multiple services verify tokens, use an asymmetric algorithm. Each service only needs the public key — sharing a private key across services is a security liability.",[11,1318,1319],{},[790,1320,1321],{},"Verification with explicit claim checks:",[173,1323,1325],{"className":381,"code":1324,"language":383,"meta":178,"style":178},"// Always pass verification options explicitly\njwt.verify(token, publicKey, {\n  algorithms: ['RS256'],      // Never allow 'none'\n  issuer:     'auth.example.com',\n  audience:   'api.example.com',\n  // 'exp' is checked automatically by the library\n});\n",[51,1326,1327,1332,1342,1356,1366,1376,1381],{"__ignoreMap":178},[182,1328,1329],{"class":184,"line":185},[182,1330,1331],{"class":209},"// Always pass verification options explicitly\n",[182,1333,1334,1337,1339],{"class":184,"line":192},[182,1335,1336],{"class":188},"jwt.",[182,1338,1005],{"class":405},[182,1340,1341],{"class":188},"(token, publicKey, {\n",[182,1343,1344,1347,1350,1353],{"class":184,"line":213},[182,1345,1346],{"class":188},"  algorithms: [",[182,1348,1349],{"class":202},"'RS256'",[182,1351,1352],{"class":188},"],      ",[182,1354,1355],{"class":209},"// Never allow 'none'\n",[182,1357,1358,1361,1364],{"class":184,"line":227},[182,1359,1360],{"class":188},"  issuer:     ",[182,1362,1363],{"class":202},"'auth.example.com'",[182,1365,930],{"class":188},[182,1367,1368,1371,1374],{"class":184,"line":325},[182,1369,1370],{"class":188},"  audience:   ",[182,1372,1373],{"class":202},"'api.example.com'",[182,1375,930],{"class":188},[182,1377,1378],{"class":184,"line":342},[182,1379,1380],{"class":209},"  // 'exp' is checked automatically by the library\n",[182,1382,1383],{"class":184,"line":356},[182,1384,1385],{"class":188},"});\n",[15,1387,1389],{"id":1388},"summary","Summary",[11,1391,1392,1393,1395],{},"Use JWTs for stateless, cross-service authorization. Keep them short-lived. Transmit only over HTTPS. Store in ",[51,1394,755],{}," cookies. Never put secrets in the payload. Always verify the signature and all critical claims. For multi-service architectures, use RS256 so only one service ever touches the private key.",[1397,1398,1399],"style",{},"html pre.shiki code .s95oV, html code.shiki .s95oV{--shiki-default:#E1E4E8}html pre.shiki code .sDLfK, html code.shiki .sDLfK{--shiki-default:#79B8FF}html pre.shiki code .sU2Wk, html code.shiki .sU2Wk{--shiki-default:#9ECBFF}html pre.shiki code .sAwPA, html code.shiki .sAwPA{--shiki-default:#6A737D}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .snl16, html code.shiki .snl16{--shiki-default:#F97583}html pre.shiki code .svObZ, html code.shiki .svObZ{--shiki-default:#B392F0}html pre.shiki code .s9osk, html code.shiki .s9osk{--shiki-default:#FFAB70}",{"title":178,"searchDepth":192,"depth":192,"links":1401},[1402,1403,1404,1405,1410,1415,1419,1420,1421,1424,1425],{"id":17,"depth":192,"text":18},{"id":45,"depth":192,"text":46},{"id":70,"depth":192,"text":71},{"id":132,"depth":192,"text":133,"children":1406},[1407,1408,1409],{"id":155,"depth":213,"text":156},{"id":252,"depth":213,"text":253},{"id":370,"depth":213,"text":371},{"id":490,"depth":192,"text":491,"children":1411},[1412,1413,1414],{"id":504,"depth":213,"text":505},{"id":625,"depth":213,"text":626},{"id":639,"depth":213,"text":640},{"id":661,"depth":192,"text":662,"children":1416},[1417,1418],{"id":668,"depth":213,"text":669},{"id":682,"depth":213,"text":683},{"id":709,"depth":192,"text":710},{"id":1077,"depth":192,"text":1078},{"id":1140,"depth":192,"text":1141,"children":1422},[1423],{"id":1190,"depth":213,"text":1191},{"id":1243,"depth":192,"text":1244},{"id":1388,"depth":192,"text":1389},"2026-04-04","A comprehensive guide to JSON Web Tokens (JWT) that cuts through the jargon and gets straight to the point. Learn what JWTs are, how JWT works, and how to use JWTs effectively in your applications.",false,"md",null,"everything-about-json-web-tokens-explained.png",{},"/backend/everything-about-json-web-tokens-explained",{"title":5,"description":1427},"Backend/1.everything-about-json-web-tokens-explained",[1437,1438,1439,1440],"JWT","JSON Web Tokens","Authentication","Security","mjEU-xXBmUUlUL8Tkj6ZQsPFjWEDC3Np3qY8tTa6zgo",[1443,2427],{"id":4,"title":5,"author":6,"body":1444,"date":1426,"description":1427,"draft":1428,"extension":1429,"guide":1430,"image":1431,"meta":2424,"navigation":428,"path":1433,"seo":2425,"stem":1435,"tags":2426,"__hash__":1441},{"type":8,"value":1445,"toc":2398},[1446,1448,1450,1456,1460,1464,1466,1470,1478,1480,1484,1486,1516,1518,1520,1526,1530,1532,1540,1574,1584,1586,1592,1662,1668,1670,1674,1748,1752,1754,1758,1760,1762,1764,1848,1850,1856,1858,1866,1870,1872,1874,1876,1880,1882,1884,1890,1892,1898,1900,1902,1954,1958,1984,1988,2164,2166,2168,2172,2182,2186,2204,2210,2212,2214,2218,2230,2234,2246,2248,2252,2254,2282,2284,2286,2336,2340,2390,2392,2396],[11,1447,13],{},[15,1449,18],{"id":17},[11,1451,1452,25,1454,29],{},[22,1453,24],{},[22,1455,28],{},[11,1457,32,1458,36],{},[22,1459,35],{},[38,1461,1462],{},[11,1463,42],{},[15,1465,46],{"id":45},[11,1467,49,1468,54],{},[51,1469,53],{},[38,1471,1472],{},[11,1473,59,1474,63,1476,67],{},[22,1475,62],{},[22,1477,66],{},[15,1479,71],{"id":70},[11,1481,74,1482,78],{},[22,1483,77],{},[11,1485,81],{},[83,1487,1488,1494,1500,1510],{},[86,1489,1490,1492,94],{},[22,1491,90],{},[92,1493],{},[86,1495,1496,1498,102],{},[22,1497,99],{},[92,1499],{},[86,1501,1502,1504,110,1506,114,1508,118],{},[22,1503,107],{},[92,1505],{},[51,1507,113],{},[51,1509,117],{},[86,1511,1512,1514,126],{},[22,1513,123],{},[92,1515],{},[11,1517,129],{},[15,1519,133],{"id":132},[11,1521,136,1522,140,1524,144],{},[22,1523,139],{},[51,1525,143],{},[11,1527,1528],{},[148,1529],{"alt":150,"src":151},[153,1531,156],{"id":155},[11,1533,159,1534,163,1536,167,1538,171],{},[22,1535,162],{},[22,1537,166],{},[22,1539,170],{},[173,1541,1542],{"className":175,"code":176,"language":177,"meta":178,"style":178},[51,1543,1544,1548,1560,1570],{"__ignoreMap":178},[182,1545,1546],{"class":184,"line":185},[182,1547,189],{"class":188},[182,1549,1550,1552,1554,1556,1558],{"class":184,"line":192},[182,1551,196],{"class":195},[182,1553,199],{"class":188},[182,1555,203],{"class":202},[182,1557,206],{"class":188},[182,1559,210],{"class":209},[182,1561,1562,1564,1566,1568],{"class":184,"line":213},[182,1563,216],{"class":195},[182,1565,199],{"class":188},[182,1567,221],{"class":202},[182,1569,224],{"class":209},[182,1571,1572],{"class":184,"line":227},[182,1573,230],{"class":188},[11,1575,233,1576,237,1578,241,1580,245,1582,249],{},[51,1577,236],{},[51,1579,240],{},[51,1581,244],{},[51,1583,248],{},[153,1585,253],{"id":252},[11,1587,256,1588,260,1590,264],{},[22,1589,259],{},[22,1591,263],{},[173,1593,1594],{"className":175,"code":267,"language":177,"meta":178,"style":178},[51,1595,1596,1600,1612,1624,1636,1648,1658],{"__ignoreMap":178},[182,1597,1598],{"class":184,"line":185},[182,1599,189],{"class":188},[182,1601,1602,1604,1606,1608,1610],{"class":184,"line":192},[182,1603,278],{"class":195},[182,1605,281],{"class":188},[182,1607,284],{"class":202},[182,1609,287],{"class":188},[182,1611,290],{"class":209},[182,1613,1614,1616,1618,1620,1622],{"class":184,"line":213},[182,1615,295],{"class":195},[182,1617,199],{"class":188},[182,1619,300],{"class":202},[182,1621,303],{"class":188},[182,1623,306],{"class":209},[182,1625,1626,1628,1630,1632,1634],{"class":184,"line":227},[182,1627,311],{"class":195},[182,1629,199],{"class":188},[182,1631,316],{"class":202},[182,1633,319],{"class":188},[182,1635,322],{"class":209},[182,1637,1638,1640,1642,1644,1646],{"class":184,"line":325},[182,1639,328],{"class":195},[182,1641,281],{"class":188},[182,1643,333],{"class":195},[182,1645,336],{"class":188},[182,1647,339],{"class":209},[182,1649,1650,1652,1654,1656],{"class":184,"line":342},[182,1651,345],{"class":195},[182,1653,281],{"class":188},[182,1655,350],{"class":195},[182,1657,353],{"class":209},[182,1659,1660],{"class":184,"line":356},[182,1661,230],{"class":188},[38,1663,1664],{},[11,1665,363,1666,367],{},[22,1667,366],{},[153,1669,371],{"id":370},[11,1671,374,1672,378],{},[22,1673,377],{},[173,1675,1676],{"className":381,"code":382,"language":383,"meta":178,"style":178},[51,1677,1678,1682,1704,1708,1712,1726,1730,1734],{"__ignoreMap":178},[182,1679,1680],{"class":184,"line":185},[182,1681,390],{"class":209},[182,1683,1684,1686,1688,1690,1692,1694,1696,1698,1700,1702],{"class":184,"line":192},[182,1685,396],{"class":395},[182,1687,399],{"class":195},[182,1689,402],{"class":395},[182,1691,406],{"class":405},[182,1693,409],{"class":188},[182,1695,412],{"class":395},[182,1697,415],{"class":202},[182,1699,418],{"class":395},[182,1701,406],{"class":405},[182,1703,423],{"class":188},[182,1705,1706],{"class":184,"line":213},[182,1707,429],{"emptyLinePlaceholder":428},[182,1709,1710],{"class":184,"line":227},[182,1711,434],{"class":209},[182,1713,1714,1716,1718,1720,1722,1724],{"class":184,"line":325},[182,1715,439],{"class":188},[182,1717,442],{"class":395},[182,1719,445],{"class":405},[182,1721,448],{"class":188},[182,1723,451],{"class":195},[182,1725,454],{"class":188},[182,1727,1728],{"class":184,"line":342},[182,1729,429],{"emptyLinePlaceholder":428},[182,1731,1732],{"class":184,"line":356},[182,1733,463],{"class":209},[182,1735,1736,1738,1740,1742,1744,1746],{"class":184,"line":466},[182,1737,439],{"class":188},[182,1739,442],{"class":395},[182,1741,473],{"class":405},[182,1743,448],{"class":188},[182,1745,478],{"class":195},[182,1747,454],{"class":188},[11,1749,483,1750,487],{},[51,1751,486],{},[15,1753,491],{"id":490},[11,1755,494,1756,498],{},[22,1757,497],{},[11,1759,501],{},[153,1761,505],{"id":504},[11,1763,508],{},[510,1765,1766,1776],{},[513,1767,1768],{},[516,1769,1770,1772,1774],{},[519,1771,521],{},[519,1773,524],{},[519,1775,527],{},[529,1777,1778,1788,1798,1808,1818,1828,1838],{},[516,1779,1780,1784,1786],{},[534,1781,1782],{},[51,1783,538],{},[534,1785,541],{},[534,1787,544],{},[516,1789,1790,1794,1796],{},[534,1791,1792],{},[51,1793,551],{},[534,1795,554],{},[534,1797,557],{},[516,1799,1800,1804,1806],{},[534,1801,1802],{},[51,1803,564],{},[534,1805,567],{},[534,1807,570],{},[516,1809,1810,1814,1816],{},[534,1811,1812],{},[51,1813,577],{},[534,1815,580],{},[534,1817,583],{},[516,1819,1820,1824,1826],{},[534,1821,1822],{},[51,1823,590],{},[534,1825,593],{},[534,1827,596],{},[516,1829,1830,1834,1836],{},[534,1831,1832],{},[51,1833,603],{},[534,1835,606],{},[534,1837,609],{},[516,1839,1840,1844,1846],{},[534,1841,1842],{},[51,1843,616],{},[534,1845,619],{},[534,1847,622],{},[153,1849,626],{"id":625},[11,1851,629,1852,633,1854,144],{},[22,1853,632],{},[51,1855,636],{},[153,1857,640],{"id":639},[11,1859,643,1860,647,1862,647,1864,143],{},[51,1861,646],{},[51,1863,650],{},[51,1865,653],{},[38,1867,1868],{},[11,1869,658],{},[15,1871,662],{"id":661},[11,1873,665],{},[153,1875,669],{"id":668},[11,1877,672,1878,676],{},[22,1879,675],{},[11,1881,679],{},[153,1883,683],{"id":682},[11,1885,686,1886,690,1888,694],{},[22,1887,689],{},[22,1889,693],{},[11,1891,697],{},[38,1893,1894],{},[11,1895,702,1896,706],{},[51,1897,705],{},[15,1899,710],{"id":709},[11,1901,713],{},[715,1903,1904,1912,1918,1924,1932,1942],{},[86,1905,1906,1908,724,1910,728],{},[22,1907,721],{},[92,1909],{},[51,1911,727],{},[86,1913,1914,1916,736],{},[22,1915,733],{},[92,1917],{},[86,1919,1920,1922,744],{},[22,1921,741],{},[92,1923],{},[86,1925,1926,1928,752,1930,756],{},[22,1927,749],{},[92,1929],{},[51,1931,755],{},[86,1933,1934,1936,764,1938,767,1940,771],{},[22,1935,761],{},[92,1937],{},[51,1939,53],{},[51,1941,770],{},[86,1943,1944,1946,779,1948,647,1950,647,1952,786],{},[22,1945,776],{},[92,1947],{},[51,1949,577],{},[51,1951,538],{},[51,1953,564],{},[11,1955,1956],{},[790,1957,792],{},[173,1959,1960],{"className":795,"code":796,"language":797,"meta":178,"style":178},[51,1961,1962,1970,1976],{"__ignoreMap":178},[182,1963,1964,1966,1968],{"class":184,"line":185},[182,1965,804],{"class":405},[182,1967,807],{"class":202},[182,1969,810],{"class":202},[182,1971,1972,1974],{"class":184,"line":192},[182,1973,815],{"class":405},[182,1975,818],{"class":202},[182,1977,1978,1980,1982],{"class":184,"line":213},[182,1979,823],{"class":405},[182,1981,826],{"class":202},[182,1983,829],{"class":202},[11,1985,1986],{},[790,1987,834],{},[173,1989,1990],{"className":381,"code":837,"language":383,"meta":178,"style":178},[51,1991,1992,2008,2022,2026,2030,2042,2052,2056,2062,2074,2078,2082,2086,2090,2102,2108,2122,2128,2134,2142,2156,2160],{"__ignoreMap":178},[182,1993,1994,1996,1998,2000,2002,2004,2006],{"class":184,"line":185},[182,1995,396],{"class":395},[182,1997,846],{"class":195},[182,1999,402],{"class":395},[182,2001,851],{"class":405},[182,2003,854],{"class":188},[182,2005,857],{"class":202},[182,2007,454],{"class":188},[182,2009,2010,2012,2014,2016,2018,2020],{"class":184,"line":192},[182,2011,396],{"class":395},[182,2013,866],{"class":195},[182,2015,402],{"class":395},[182,2017,871],{"class":188},[182,2019,874],{"class":195},[182,2021,877],{"class":188},[182,2023,2024],{"class":184,"line":213},[182,2025,429],{"emptyLinePlaceholder":428},[182,2027,2028],{"class":184,"line":227},[182,2029,886],{"class":209},[182,2031,2032,2034,2036,2038,2040],{"class":184,"line":325},[182,2033,891],{"class":395},[182,2035,894],{"class":405},[182,2037,854],{"class":188},[182,2039,900],{"class":899},[182,2041,903],{"class":188},[182,2043,2044,2046,2048,2050],{"class":184,"line":342},[182,2045,908],{"class":395},[182,2047,911],{"class":188},[182,2049,914],{"class":405},[182,2051,917],{"class":188},[182,2053,2054],{"class":184,"line":356},[182,2055,922],{"class":188},[182,2057,2058,2060],{"class":184,"line":466},[182,2059,927],{"class":195},[182,2061,930],{"class":188},[182,2063,2064,2066,2068,2070,2072],{"class":184,"line":933},[182,2065,936],{"class":188},[182,2067,939],{"class":202},[182,2069,942],{"class":188},[182,2071,945],{"class":202},[182,2073,948],{"class":188},[182,2075,2076],{"class":184,"line":951},[182,2077,954],{"class":188},[182,2079,2080],{"class":184,"line":957},[182,2081,230],{"class":188},[182,2083,2084],{"class":184,"line":962},[182,2085,429],{"emptyLinePlaceholder":428},[182,2087,2088],{"class":184,"line":967},[182,2089,970],{"class":209},[182,2091,2092,2094,2096,2098,2100],{"class":184,"line":973},[182,2093,891],{"class":395},[182,2095,978],{"class":405},[182,2097,854],{"class":188},[182,2099,983],{"class":899},[182,2101,903],{"class":188},[182,2103,2104,2106],{"class":184,"line":988},[182,2105,991],{"class":395},[182,2107,994],{"class":188},[182,2109,2110,2112,2114,2116,2118,2120],{"class":184,"line":997},[182,2111,1000],{"class":395},[182,2113,911],{"class":188},[182,2115,1005],{"class":405},[182,2117,1008],{"class":188},[182,2119,1011],{"class":195},[182,2121,1014],{"class":188},[182,2123,2124,2126],{"class":184,"line":1017},[182,2125,1020],{"class":188},[182,2127,1023],{"class":202},[182,2129,2130,2132],{"class":184,"line":1026},[182,2131,1029],{"class":188},[182,2133,1032],{"class":209},[182,2135,2136,2138,2140],{"class":184,"line":1035},[182,2137,1038],{"class":188},[182,2139,1041],{"class":395},[182,2141,1044],{"class":188},[182,2143,2144,2146,2148,2150,2152,2154],{"class":184,"line":1047},[182,2145,1050],{"class":395},[182,2147,1053],{"class":395},[182,2149,1056],{"class":405},[182,2151,854],{"class":188},[182,2153,1061],{"class":202},[182,2155,454],{"class":188},[182,2157,2158],{"class":184,"line":1066},[182,2159,1069],{"class":188},[182,2161,2162],{"class":184,"line":1072},[182,2163,230],{"class":188},[15,2165,1078],{"id":1077},[11,2167,1081],{},[11,2169,2170],{},[22,2171,1086],{},[83,2173,2174,2176,2178,2180],{},[86,2175,1091],{},[86,2177,1094],{},[86,2179,1097],{},[86,2181,1100],{},[11,2183,2184],{},[22,2185,1105],{},[83,2187,2188,2192,2196,2200],{},[86,2189,1110,2190,1113],{},[51,2191,577],{},[86,2193,1110,2194,1118],{},[51,2195,590],{},[86,2197,1110,2198,1123],{},[51,2199,538],{},[86,2201,1110,2202,1128],{},[51,2203,564],{},[11,2205,1131,2206,1134,2208,143],{},[51,2207,577],{},[22,2209,1137],{},[15,2211,1141],{"id":1140},[11,2213,1144],{},[11,2215,2216],{},[22,2217,1149],{},[83,2219,2220,2222,2224,2226,2228],{},[86,2221,1154],{},[86,2223,1157],{},[86,2225,1160],{},[86,2227,1163],{},[86,2229,1166],{},[11,2231,2232],{},[22,2233,1171],{},[83,2235,2236,2240,2242,2244],{},[86,2237,1176,2238],{},[51,2239,577],{},[86,2241,1181],{},[86,2243,1184],{},[86,2245,1187],{},[153,2247,1191],{"id":1190},[11,2249,1194,2250,1198],{},[22,2251,1197],{},[11,2253,1201],{},[715,2255,2256,2266,2276],{},[86,2257,2258,2260,1211,2262,1214,2264,1218],{},[22,2259,1208],{},[92,2261],{},[51,2263,577],{},[22,2265,1217],{},[86,2267,2268,2270,1226,2272,1229,2274,1232],{},[22,2269,1223],{},[92,2271],{},[51,2273,616],{},[51,2275,616],{},[86,2277,2278,2280,1240],{},[22,2279,1237],{},[92,2281],{},[15,2283,1244],{"id":1243},[11,2285,1247],{},[715,2287,2288,2294,2306,2312,2318,2330],{},[86,2289,2290,2292,1257],{},[22,2291,1254],{},[92,2293],{},[86,2295,2296,2298,1265,2300,1269,2302,1273,2304,1276],{},[22,2297,1262],{},[92,2299],{},[51,2301,1268],{},[51,2303,1272],{},[51,2305,755],{},[86,2307,2308,2310,1284],{},[22,2309,1281],{},[92,2311],{},[86,2313,2314,2316,1292],{},[22,2315,1289],{},[92,2317],{},[86,2319,2320,2322,1300,2324,647,2326,1305,2328,1308],{},[22,2321,1297],{},[92,2323],{},[51,2325,577],{},[51,2327,538],{},[51,2329,564],{},[86,2331,2332,2334,1316],{},[22,2333,1313],{},[92,2335],{},[11,2337,2338],{},[790,2339,1321],{},[173,2341,2342],{"className":381,"code":1324,"language":383,"meta":178,"style":178},[51,2343,2344,2348,2356,2366,2374,2382,2386],{"__ignoreMap":178},[182,2345,2346],{"class":184,"line":185},[182,2347,1331],{"class":209},[182,2349,2350,2352,2354],{"class":184,"line":192},[182,2351,1336],{"class":188},[182,2353,1005],{"class":405},[182,2355,1341],{"class":188},[182,2357,2358,2360,2362,2364],{"class":184,"line":213},[182,2359,1346],{"class":188},[182,2361,1349],{"class":202},[182,2363,1352],{"class":188},[182,2365,1355],{"class":209},[182,2367,2368,2370,2372],{"class":184,"line":227},[182,2369,1360],{"class":188},[182,2371,1363],{"class":202},[182,2373,930],{"class":188},[182,2375,2376,2378,2380],{"class":184,"line":325},[182,2377,1370],{"class":188},[182,2379,1373],{"class":202},[182,2381,930],{"class":188},[182,2383,2384],{"class":184,"line":342},[182,2385,1380],{"class":209},[182,2387,2388],{"class":184,"line":356},[182,2389,1385],{"class":188},[15,2391,1389],{"id":1388},[11,2393,1392,2394,1395],{},[51,2395,755],{},[1397,2397,1399],{},{"title":178,"searchDepth":192,"depth":192,"links":2399},[2400,2401,2402,2403,2408,2413,2417,2418,2419,2422,2423],{"id":17,"depth":192,"text":18},{"id":45,"depth":192,"text":46},{"id":70,"depth":192,"text":71},{"id":132,"depth":192,"text":133,"children":2404},[2405,2406,2407],{"id":155,"depth":213,"text":156},{"id":252,"depth":213,"text":253},{"id":370,"depth":213,"text":371},{"id":490,"depth":192,"text":491,"children":2409},[2410,2411,2412],{"id":504,"depth":213,"text":505},{"id":625,"depth":213,"text":626},{"id":639,"depth":213,"text":640},{"id":661,"depth":192,"text":662,"children":2414},[2415,2416],{"id":668,"depth":213,"text":669},{"id":682,"depth":213,"text":683},{"id":709,"depth":192,"text":710},{"id":1077,"depth":192,"text":1078},{"id":1140,"depth":192,"text":1141,"children":2420},[2421],{"id":1190,"depth":213,"text":1191},{"id":1243,"depth":192,"text":1244},{"id":1388,"depth":192,"text":1389},{},{"title":5,"description":1427},[1437,1438,1439,1440],{"id":2428,"title":2429,"author":6,"body":2430,"date":3035,"description":3036,"draft":1428,"extension":1429,"guide":1430,"image":3037,"meta":3038,"navigation":428,"path":3039,"seo":3040,"stem":3041,"tags":3042,"__hash__":3045},"blog/How-To/1.git-commit-to-wrong-branch-fix.md","How to Fix a Git Commit to Wrong Branch: A Step-by-Step Guide",{"type":8,"value":2431,"toc":3023},[2432,2450,2453,2457,2465,2468,2482,2485,2489,2492,2519,2531,2535,2544,2547,2569,2572,2592,2646,2655,2659,2662,2671,2676,2680,2683,2701,2705,2712,2715,2739,2786,2794,2805,2809,2814,2817,2831,2834,2852,2855,2882,2932,2937,2941,2944,2964,2968,2975,3007,3011,3014,3017,3020],[11,2433,2434,2435,2438,2439,2442,2443,1269,2446,2449],{},"I know you’ve been there. You are deep in the \"flow,\" writing code, and hitting ",[51,2436,2437],{},"git commit"," with confidence. Then, you look at your terminal and realize the mistake: you just made a ",[22,2440,2441],{},"git commit to wrong branch",". Specifically, you’ve pushed feature code directly onto the ",[51,2444,2445],{},"main",[51,2447,2448],{},"master"," branch.",[11,2451,2452],{},"Don't panic. This is a rite of passage for every developer. Whether you forgot to switch branches or your IDE defaulted to master, it is easily fixable. In this guide, I shall show you how to safely move those commits to a feature branch and restore order to your repository.",[15,2454,2456],{"id":2455},"the-common-git-mistake-developers-make","The Common Git Mistake Developers Make",[11,2458,2459,2460,1269,2462,2464],{},"Git is a powerful version control system, but its flexibility means it doesn't always stop us from making mistakes. Most junior developers start their work in the ",[51,2461,2448],{},[51,2463,2445],{}," branch because it’s the default state of a new repository.",[11,2466,2467],{},"Accidentally committing to the wrong branch usually happens because:",[83,2469,2470,2476,2479],{},[86,2471,2472,2473,143],{},"You forgot to run ",[51,2474,2475],{},"git checkout -b \u003Cbranch-name>",[86,2477,2478],{},"You switched tasks quickly and didn't check your current branch status.",[86,2480,2481],{},"You assumed you were on a feature branch when you were actually on the primary production branch.",[11,2483,2484],{},"Whatever the reason, the result is the same: your feature code is now part of the main branch history, which can lead to issues in production and complicate collaboration with other developers.",[15,2486,2488],{"id":2487},"example-scenario-real-situation","Example Scenario (Real Situation)",[11,2490,2491],{},"Let's look at a common scenario. Imagine you are building a website:",[715,2493,2494,2506,2509,2516],{},[86,2495,2496,2497,2500,2501,1269,2503,2505],{},"You initialize a Git repository and commit your ",[51,2498,2499],{},"index.html"," to ",[51,2502,2448],{},[51,2504,2445],{},". This is correct.",[86,2507,2508],{},"You start working on a \"Login\" feature.",[86,2510,2511,2512,2515],{},"Without switching branches, you create ",[51,2513,2514],{},"login.html",", write the API integration.",[86,2517,2518],{},"You made two commits: \"add login.html\" and \"add authentication\".",[11,2520,2521,2522,2524,2525,2528,2529,143],{},"Now, your production-ready ",[51,2523,2448],{}," branch contains experimental, unreviewed feature code. You need to move those \"Login\" commits to a branch called ",[51,2526,2527],{},"feature-login"," and remove them from ",[51,2530,2448],{},[15,2532,2534],{"id":2533},"step-1-identify-the-mistake-using-git-logs","Step 1 – Identify the Mistake Using Git Logs",[11,2536,2537,2538],{},"Before you move anything, you need to see exactly what happened. We use the log command to visualize the commit history. ",[790,2539,2540,2541,2543],{},"(You're in ",[51,2542,2448],{}," branch yet)",[11,2545,2546],{},"Run the following command:",[173,2548,2550],{"className":795,"code":2549,"language":797,"meta":178,"style":178},"git log --oneline --all --graph\n",[51,2551,2552],{"__ignoreMap":178},[182,2553,2554,2557,2560,2563,2566],{"class":184,"line":185},[182,2555,2556],{"class":405},"git",[182,2558,2559],{"class":202}," log",[182,2561,2562],{"class":195}," --oneline",[182,2564,2565],{"class":195}," --all",[182,2567,2568],{"class":195}," --graph\n",[11,2570,2571],{},"What this does:",[83,2573,2574,2580,2586],{},[86,2575,2576,2579],{},[51,2577,2578],{},"--oneline",": Condenses the output so each commit is one line.",[86,2581,2582,2585],{},[51,2583,2584],{},"--all",": Shows all branches, not just the one you are on.",[86,2587,2588,2591],{},[51,2589,2590],{},"--graph",": Draws a text-based graphical representation of the branch history.",[173,2593,2595],{"className":795,"code":2594,"language":797,"meta":178,"style":178},"# example output of the above command:\n* a781459 (HEAD -> main) add authentication\n* c00ffa3 add login.html\n* a6567f9 update index.html\n* 4f1c99f add index.html\n",[51,2596,2597,2602,2625,2632,2639],{"__ignoreMap":178},[182,2598,2599],{"class":184,"line":185},[182,2600,2601],{"class":209},"# example output of the above command:\n",[182,2603,2604,2607,2610,2613,2616,2619,2622],{"class":184,"line":192},[182,2605,2606],{"class":395},"*",[182,2608,2609],{"class":188}," a781459 (",[182,2611,2612],{"class":405},"HEAD",[182,2614,2615],{"class":188}," -",[182,2617,2618],{"class":395},">",[182,2620,2621],{"class":202}," main",[182,2623,2624],{"class":188},") add authentication\n",[182,2626,2627,2629],{"class":184,"line":213},[182,2628,2606],{"class":395},[182,2630,2631],{"class":188}," c00ffa3 add login.html\n",[182,2633,2634,2636],{"class":184,"line":227},[182,2635,2606],{"class":395},[182,2637,2638],{"class":188}," a6567f9 update index.html\n",[182,2640,2641,2643],{"class":184,"line":325},[182,2642,2606],{"class":395},[182,2644,2645],{"class":188}," 4f1c99f add index.html\n",[11,2647,2648,2649,2651,2652,143],{},"Look for the most recent commits on ",[51,2650,2448],{},". You will see the \"add authentication\" commit at the top. Note that each commit has a unique 7-character ID (the \"hash\"), such as ",[51,2653,2654],{},"a1b2c3d",[15,2656,2658],{"id":2657},"step-2-copy-the-commit-ids","Step 2 – Copy the Commit IDs",[11,2660,2661],{},"To move your work to the correct feature branch, Git needs to know exactly which commits you are talking about. Identify the hashes of the commits that belong in the feature branch.",[11,2663,2664,2665,63,2668,143],{},"If you made three commits to the wrong branch, you need the hashes for all three. In our scenario, the hashes for \"add login\" and \"add authentication\" are ",[51,2666,2667],{},"c00ffa3",[51,2669,2670],{},"a781459",[38,2672,2673],{},[11,2674,2675],{},"Tip: Always copy the hashes into a notepad or keep your terminal window open so you don't lose them!",[15,2677,2679],{"id":2678},"step-3-switch-to-the-correct-feature-branch","Step 3 – Switch to the Correct Feature Branch",[11,2681,2682],{},"Now, you need to go where the code should have gone. If the branch doesn't exist yet, create it and switch to it.",[173,2684,2686],{"className":795,"code":2685,"language":797,"meta":178,"style":178},"git checkout -b feature-login\n",[51,2687,2688],{"__ignoreMap":178},[182,2689,2690,2692,2695,2698],{"class":184,"line":185},[182,2691,2556],{"class":405},[182,2693,2694],{"class":202}," checkout",[182,2696,2697],{"class":195}," -b",[182,2699,2700],{"class":202}," feature-login\n",[15,2702,2704],{"id":2703},"step-4-move-commits-using-git-cherry-pick","Step 4 – Move Commits Using git cherry-pick",[11,2706,2707,2708,2711],{},"The \"magic\" command here is ",[51,2709,2710],{},"git cherry-pick",". This command takes a commit from one place and applies it to another.",[11,2713,2714],{},"Run the command using the hash you identified in Step 2:",[173,2716,2718],{"className":795,"code":2717,"language":797,"meta":178,"style":178},"git cherry-pick c00ffa3\ngit cherry-pick a781459\n",[51,2719,2720,2730],{"__ignoreMap":178},[182,2721,2722,2724,2727],{"class":184,"line":185},[182,2723,2556],{"class":405},[182,2725,2726],{"class":202}," cherry-pick",[182,2728,2729],{"class":202}," c00ffa3\n",[182,2731,2732,2734,2736],{"class":184,"line":192},[182,2733,2556],{"class":405},[182,2735,2726],{"class":202},[182,2737,2738],{"class":202}," a781459\n",[173,2740,2742],{"className":795,"code":2741,"language":797,"meta":178,"style":178},"# After cherry-picking\n* a781459 (HEAD -> feature-login, main) add authentication\n* c00ffa3 add login.html\n* a6567f9 update index.html\n* 4f1c99f add index.html\n",[51,2743,2744,2749,2768,2774,2780],{"__ignoreMap":178},[182,2745,2746],{"class":184,"line":185},[182,2747,2748],{"class":209},"# After cherry-picking\n",[182,2750,2751,2753,2755,2757,2759,2761,2764,2766],{"class":184,"line":192},[182,2752,2606],{"class":395},[182,2754,2609],{"class":188},[182,2756,2612],{"class":405},[182,2758,2615],{"class":188},[182,2760,2618],{"class":395},[182,2762,2763],{"class":202}," feature-login,",[182,2765,2621],{"class":202},[182,2767,2624],{"class":188},[182,2769,2770,2772],{"class":184,"line":213},[182,2771,2606],{"class":395},[182,2773,2631],{"class":188},[182,2775,2776,2778],{"class":184,"line":227},[182,2777,2606],{"class":395},[182,2779,2638],{"class":188},[182,2781,2782,2784],{"class":184,"line":325},[182,2783,2606],{"class":395},[182,2785,2645],{"class":188},[38,2787,2788],{},[11,2789,2790,2793],{},[22,2791,2792],{},"Important Note:"," If you have multiple commits to move, apply them in chronological order (oldest first). This prevents merge conflicts and keeps your history logical.",[11,2795,2796,2798,2799,2801,2802,2804],{},[51,2797,2710],{}," essentially \"copies\" the changes. Your \"Login\" code is now safely on the ",[51,2800,2527],{}," branch. However, a copy still exists on ",[51,2803,2448],{},". We need to fix that next.",[15,2806,2808],{"id":2807},"step-5-clean-the-master-branch","Step 5 – Clean the Master Branch",[11,2810,2811,2812,2449],{},"Now that your work is safe on the correct branch, we must remove the accidental commits from the ",[51,2813,2448],{},[11,2815,2816],{},"First, switch back to master:",[173,2818,2820],{"className":795,"code":2819,"language":797,"meta":178,"style":178},"git checkout master\n",[51,2821,2822],{"__ignoreMap":178},[182,2823,2824,2826,2828],{"class":184,"line":185},[182,2825,2556],{"class":405},[182,2827,2694],{"class":202},[182,2829,2830],{"class":202}," master\n",[11,2832,2833],{},"Then, use the reset command to roll back the branch to its state before the mistake:",[173,2835,2837],{"className":795,"code":2836,"language":797,"meta":178,"style":178},"git reset --hard HEAD~2\n",[51,2838,2839],{"__ignoreMap":178},[182,2840,2841,2843,2846,2849],{"class":184,"line":185},[182,2842,2556],{"class":405},[182,2844,2845],{"class":202}," reset",[182,2847,2848],{"class":195}," --hard",[182,2850,2851],{"class":202}," HEAD~2\n",[11,2853,2854],{},"What this command does:",[83,2856,2857,2863,2869],{},[86,2858,2859,2862],{},[51,2860,2861],{},"git reset",": Moves the current branch pointer to a previous state.",[86,2864,2865,2868],{},[51,2866,2867],{},"--hard",": This tells Git to discard all changes in the working directory. It makes master look exactly like it did before you made that mistake.",[86,2870,2871,2874,2875,2878,2879,143],{},[51,2872,2873],{},"HEAD~2",": This tells Git to go back exactly ",[22,2876,2877],{},"two"," commits. If you made three accidental commits, you would use ",[51,2880,2881],{},"HEAD~3",[173,2883,2885],{"className":795,"code":2884,"language":797,"meta":178,"style":178},"# After reset\n* a781459 (feature-login) add authentication\n* c00ffa3 add login.html\n* a6567f9 (HEAD -> main) update index.html\n* 4f1c99f add index.html\n",[51,2886,2887,2892,2902,2908,2926],{"__ignoreMap":178},[182,2888,2889],{"class":184,"line":185},[182,2890,2891],{"class":209},"# After reset\n",[182,2893,2894,2896,2898,2900],{"class":184,"line":192},[182,2895,2606],{"class":395},[182,2897,2609],{"class":188},[182,2899,2527],{"class":405},[182,2901,2624],{"class":188},[182,2903,2904,2906],{"class":184,"line":213},[182,2905,2606],{"class":395},[182,2907,2631],{"class":188},[182,2909,2910,2912,2915,2917,2919,2921,2923],{"class":184,"line":227},[182,2911,2606],{"class":395},[182,2913,2914],{"class":188}," a6567f9 (",[182,2916,2612],{"class":405},[182,2918,2615],{"class":188},[182,2920,2618],{"class":395},[182,2922,2621],{"class":202},[182,2924,2925],{"class":188},") update index.html\n",[182,2927,2928,2930],{"class":184,"line":325},[182,2929,2606],{"class":395},[182,2931,2645],{"class":188},[38,2933,2934],{},[11,2935,2936],{},"Use --hard with caution. Any uncommitted work in your directory will be permanently deleted. Always ensure your git status is clean before running this.",[15,2938,2940],{"id":2939},"when-should-you-use-git-cherry-pick","When Should You Use git cherry-pick?",[11,2942,2943],{},"Beyond fixing mistakes, git cherry-pick is useful in several real-world situations:",[83,2945,2946,2952,2958],{},[86,2947,2948,2951],{},[22,2949,2950],{},"Hotfixes:"," When a bug is fixed on a development branch but needs to be applied to the production branch immediately.",[86,2953,2954,2957],{},[22,2955,2956],{},"Undoing a Revert:"," If a feature was reverted but you want to bring back specific parts of it.",[86,2959,2960,2963],{},[22,2961,2962],{},"Collaborative Work:"," If a teammate wrote a helper function on their branch that you need on yours.",[15,2965,2967],{"id":2966},"quick-summary","Quick Summary",[11,2969,2970,2971,2974],{},"Need to ",[22,2972,2973],{},"fix a git commit to wrong branch"," in 30 seconds? I know you don't have time. Here is the cheat sheet:",[715,2976,2977,2983,2989,2995,3001],{},[86,2978,2979,2980],{},"Find the commit hash: ",[51,2981,2982],{},"git log --oneline",[86,2984,2985,2986],{},"Go to the right branch: ",[51,2987,2988],{},"git checkout feature-branch",[86,2990,2991,2992],{},"Copy the work over: ",[51,2993,2994],{},"git cherry-pick \u003Ccommit-hash>",[86,2996,2997,2998],{},"Go back to master: ",[51,2999,3000],{},"git checkout master",[86,3002,3003,3004],{},"Erase the mistake: ",[51,3005,3006],{},"git reset --hard HEAD~1",[15,3008,3010],{"id":3009},"conclusion","Conclusion",[11,3012,3013],{},"Fixing a git commit to wrong branch is a foundational skill that transforms you from a panicked beginner into a confident developer.",[11,3015,3016],{},"The next time you realize you're on the wrong branch, don't delete your folder and start over. Use the steps above to move your code like a pro.",[11,3018,3019],{},"Thanks for reading!",[1397,3021,3022],{},"html pre.shiki code .svObZ, html code.shiki .svObZ{--shiki-default:#B392F0}html pre.shiki code .sU2Wk, html code.shiki .sU2Wk{--shiki-default:#9ECBFF}html pre.shiki code .sDLfK, html code.shiki .sDLfK{--shiki-default:#79B8FF}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .sAwPA, html code.shiki .sAwPA{--shiki-default:#6A737D}html pre.shiki code .snl16, html code.shiki .snl16{--shiki-default:#F97583}html pre.shiki code .s95oV, html code.shiki .s95oV{--shiki-default:#E1E4E8}",{"title":178,"searchDepth":192,"depth":192,"links":3024},[3025,3026,3027,3028,3029,3030,3031,3032,3033,3034],{"id":2455,"depth":192,"text":2456},{"id":2487,"depth":192,"text":2488},{"id":2533,"depth":192,"text":2534},{"id":2657,"depth":192,"text":2658},{"id":2678,"depth":192,"text":2679},{"id":2703,"depth":192,"text":2704},{"id":2807,"depth":192,"text":2808},{"id":2939,"depth":192,"text":2940},{"id":2966,"depth":192,"text":2967},{"id":3009,"depth":192,"text":3010},"2026-03-06","Accidentally made a git commit to wrong branch? Learn how to move commits to a feature branch and clean up master using git cherry-pick and reset.","git-commit-to-wrong-branch-fix.png",{},"/how-to/git-commit-to-wrong-branch-fix",{"title":2429,"description":3036},"How-To/1.git-commit-to-wrong-branch-fix",[2556,3043,3044],"version control","cherry-pick","n8isUYA0g4UX-h0sD-YAESjnQ7-UuIHQEF_OxEKfHs8",1775329358195]