How does JWT work for Authentication?

When a user logs into the system by providing their credentials, a JWT is created and returned to the user. This token should be saved locally in the browser and sent back to the server with each request that tries to access a protected resource. The JWT is usually transferred in an Authorization HTTP header with the Bearer schema:

Authorization: Bearer <token>

This approach enables a stateless authentication mechanism in which the user state is never stored in the server's memory. Bearer tokens should be protected in storage and in transport to prevent any misuse. An important advantage of this approach is scalability. We have already covered JWT in the context of scalable microservices in Chapter 6, Scaling Microservices, with examples.
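The issue-then-verify flow described above, as an added example that is not code from the book: the server signs a token at login and later authenticates a request from the Authorization header alone, with no session lookup. The HS256 algorithm, the `SECRET` value, and the names `issue_token` and `authenticate` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: shared HS256 key, made up for this example

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(subject, ttl_seconds, now=None):
    """Login step: return a signed JWT for a user whose credentials were checked."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps({"sub": subject, "exp": now + ttl_seconds}).encode())
    return f"{header}.{payload}.{b64url_encode(sign(header + '.' + payload))}"

def authenticate(authorization_header, now=None):
    """Per-request step: return the verified claims, or None to reject the request."""
    now = int(time.time()) if now is None else now
    scheme, _, token = (authorization_header or "").partition(" ")
    if scheme.lower() != "bearer" or token.count(".") != 2:
        return None
    header_b64, payload_b64, sig_b64 = token.split(".")
    try:
        # Pin the algorithm server-side; the token must not choose how it is verified.
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None
        expected = sign(header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        # No server-side session exists, so expiry is the only built-in time limit.
        if claims["exp"] <= now:
            return None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None
    return claims

if __name__ == "__main__":
    token = issue_token("alice", ttl_seconds=300)
    print(authenticate("Bearer " + token))
    print(authenticate("Bearer " + token + "x"))
```

Because nothing is stored on the server, any instance holding the key can verify the token, which is where the scalability benefit comes from; it also means a stolen token stays valid until its `exp` passes.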
