A basic authentication system might require a client to send a username and password on each request. To initiate a token-based authenticated session a client sends credentials just once, receives a token in exchange, and then sends only that token on subsequent requests, gaining any access that token provides. Incessantly passing around sensitive credentials is no longer required.
One particular advantage of JWTs is that servers are no longer responsible for maintaining access to a common database of credentials, as only the issuing authority need validate an initial sign-in. There is no need to maintain ...