How much Secured is JWT and similar Approaches

I have been reading about JWT and CSRF token and as far as i can understand they are the same thing(Correct me if i'm wrong). But i'm having some doubt. So my questions are:

  1. Is JWT really secure?
  2. As the token is present in the client side. Can my Signed key get decoded?
  3. Is there any other way of validating the user without saving current session data on server ?(Please if you can add a link)
  4. Is the way i'm thing of going ,JWT, to validate user Secure ? or is there any better way?(Please don't say Google it)

If it helps. I'm making a social networking site using Node.js and AngularJs

You are wrong about JWT and CSRF Tokens.

JWT is a set of claims you sign or encrypt (or both). This is the same as a signed or encrypted mail.

CSRF Tokens are, in general, arbitrary strings to prevent requests from malicious scripts. These strings are not encrypted or signed.

  1. JWE (encrypted) and JWS (signed) use algorithms defined by JWA. All these algorithms (Elliptic Curves, RSA...) are strong enough to secure the input of your JWT.

  2. When you write Signed key, I suppose that you are talking about your public key. This is exactly the same as if you give your public certificate or when you sign an e-mail using S/MIME.

  3. JWT do not aim to store session data, but to store claims signed or encrypted (or both).

  4. JWS are often used to authenticate a user. OpenID Connect uses JWT over OAuth2 for example.