JSON Web Tokens, or JWTs, are a standard way for securely representing claims. A JWT consists of a digitally signed payload. The most common use case for JWT is authorization. In this scenario, users are issued a JWT once they've authenticated. The JWT contains the set of resources that the user is authorized to access. Subsequent requests for information include the JWT, which the system can use to validate authorization without requiring the user to re-enter credentials. Because the JWT is signed, tampering of the JWT is unlikely.
- RFC 7519 defines the JWT specification