1.2 JWT Workflow
The user submits the username and password to an Authentication server.
The Authentication server validates the username and password combination and, on success, creates a JWT to be used as a Bearer token. Its payload carries claims such as the user's technical identifier (the "sub" claim) and an expiration timestamp (the "exp" claim).
The Authentication server then signs the base64url-encoded Header and Payload with its secret key (a shared secret for HMAC algorithms such as HS256, or a private key for asymmetric algorithms such as RS256) and returns the resulting token to the user's browser. Signing only protects integrity: the Header and Payload are base64url-encoded, not encrypted, so anyone holding the token can read its claims.
The browser keeps the signed JWT and sends it with each HTTP request to our Application server, typically in the Authorization header as "Bearer <token>". The Application server verifies the signature and the expiration before trusting any claim in the token. The signed JWT thus acts as a temporary user credential that replaces the permanent credential, the username and password combination. Because it is a bearer credential, anyone who obtains it can use it until it expires, so it must only travel over TLS and should be given a short lifetime.
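The complete workflow described above, written out as an added example (not code from the original page), using only the Python standard library: the Authentication server checks credentials and issues an HS256-signed JWT, the browser presents it as a Bearer token, and the Application server verifies signature and expiry. The user store, the secret and the "u-1001" identifier are constructed for the example; a real deployment would store password hashes, load the secret from a secrets manager, and normally use a vetted JWT library rather than hand-rolled encoding.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional, Tuple

# Constructed for this example; in production load the secret from a secrets store.
SECRET = b"example-hmac-secret-do-not-use-in-production"

# Constructed user store: username -> (password, technical user identifier).
# A real store holds password hashes (e.g. argon2/bcrypt), never plaintext.
USERS = {"alice": ("correct horse battery staple", "u-1001")}


def b64url(data: bytes) -> str:
    """Base64url-encode without '=' padding, as JWS (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url: restore the padding the encoder stripped."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, ttl_seconds: int = 900, now: Optional[int] = None) -> str:
    """Authentication server: build header.payload and sign it with the secret key."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": user_id, "iat": now, "exp": now + ttl_seconds}
    signing_input = (
        b64url(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url(json.dumps(payload, separators=(",", ":")).encode())
    )
    signature = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def authenticate(username: str, password: str, now: Optional[int] = None) -> Optional[str]:
    """Authentication server: validate username/password, return a JWT or None."""
    record = USERS.get(username)
    if record is None or not hmac.compare_digest(record[0], password):
        return None
    return issue_token(record[1], now=now)


def decode_unverified(token: str) -> dict:
    """Anyone holding the token can read the payload: it is encoded, not encrypted."""
    return json.loads(b64url_decode(token.split(".")[1]))


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Application server: check algorithm, signature, then expiry; return claims or None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return None
    h64, p64, s64 = parts
    try:
        header = json.loads(b64url_decode(h64))
        # Pin the algorithm server-side; never let the token's own "alg" choose the key type.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(SECRET, f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(s64)):
            return None
        claims = json.loads(b64url_decode(p64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    return claims


def handle_request(headers: dict, now: Optional[int] = None) -> Tuple[int, Optional[str]]:
    """Application server: pull the Bearer token from Authorization and verify it."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return 401, None
    claims = verify_token(auth[len("Bearer "):], now=now)
    if claims is None:
        return 401, None
    return 200, claims["sub"]


def run_workflow(now: int = 1_700_000_000):
    """Login, one valid request, one after expiry, one with a tampered payload."""
    token = authenticate("alice", "correct horse battery staple", now=now)
    ok = handle_request({"Authorization": "Bearer " + token}, now=now + 60)
    expired = handle_request({"Authorization": "Bearer " + token}, now=now + 901)
    # Forge the payload (claim a different user) but keep the original signature.
    h64, _p64, s64 = token.split(".")
    forged = b64url(json.dumps({"sub": "u-0001", "iat": now, "exp": now + 900},
                               separators=(",", ":")).encode())
    tampered = handle_request({"Authorization": f"Bearer {h64}.{forged}.{s64}"}, now=now + 60)
    return ok, expired, tampered


if __name__ == "__main__":
    print(run_workflow())
```

The tampered request fails because the HMAC was computed over the original header and payload; changing one byte of either invalidates the signature. The expiry check runs only after the signature check, so an attacker cannot extend a token's life by editing "exp". The decode_unverified helper shows why sensitive data does not belong in the payload of a signed, unencrypted JWT.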