# JWT format support for OAuth access tokens

JWTs are now the default for newly created applications, while existing applications continue using opaque tokens unless changed.

![JWT format support for OAuth access tokens](./jwt-toggle.png)

## Why JWT?

JWT access tokens offer several advantages:

- **Networkless verification** — JWTs can be verified locally using your instance's public key, without making a network request to Clerk's servers
- **Self-contained** — All necessary information (user ID, scopes, expiration) is embedded in the token itself
- **Better compatibility** — Many third-party tools and libraries expect JWT tokens

## When to use opaque tokens

Opaque tokens remain valuable for security-sensitive scenarios:

- **Instant revocation** — Opaque tokens can be invalidated immediately, while JWTs remain valid until they expire

## How to configure

To change your OAuth access token format:

1. Navigate to [OAuth applications](https://dashboard.clerk.com/~/oauth-applications) in the Clerk Dashboard
2. Select the **Settings** tab
3. Toggle **Generate access tokens as JWTs** on or off
4. Save your changes

Clerk's SDKs automatically handle verification for both token formats — no code changes are required when switching between them. For manual verification of JWT tokens outside of Clerk's SDKs, use the same approach as [session token verification](https://clerk.com/docs/guides/sessions/manual-jwt-verification.md) with your instance's public key.

For more details on the differences between token formats, see the [token formats documentation](https://clerk.com/docs/guides/development/machine-auth/token-formats.md).