So, what is a JSON Web Token (JWT)? What is it all about? How does it differ from other authentication methods, and why do people prefer it over other authentication styles?
A JWT has three parts:
Header - usually contains the type of token (JWT) and the signing algorithm. Example:

{
  "alg": "HS256",
  "typ": "JWT"
}
Payload - contains the actual claims, e.g., user ID, role, and expiration time (exp, a Unix timestamp). Example:

{
  "userId": 123,
  "name": "Alice",
  "role": "admin",
  "exp": 1700000000
}
Signature - an HMAC (keyed hash) computed over the base64url-encoded header and payload with the secret key. The server recomputes it on every request to verify that the token is authentic and has not been modified. For HS256 it is:

HMACSHA256(
  base64UrlEncode(header) + "." + base64UrlEncode(payload),
  secret_key
)

The three base64url-encoded parts are then joined with dots to form the token: header.payload.signature.
It is:

Stateless - no need to keep session data on the server; everything needed to validate the token is in the token itself.
Short-lived - because the server keeps no session state, it cannot easily revoke a token it has already issued, so a short expiration (the exp claim) limits the impact of a stolen token.
Portable - can be used across multiple servers or services that share the signing key.
Easy to use in APIs - it travels in a request header, typically Authorization: Bearer <token>.
Works across domains - not tied to cookies.
Standardized - JWT is an open standard and widely supported.
Headline image by flowforfrank on Unsplash