JSON Web Token (JWT; https://jwt.io) is an open industry standard for security tokens. JWT authentication works by a server and client passing and verifying claims. A server generates a JWT token and passes it back to the client when user credentials are successfully validated. The client will store this token locally and use it to request protected resources from the server later by passing the token in the request header. This is a stateless authentication mechanism. This is explained in detail in Chapter 8, Microservice Server-Side Technologies.