JWT - JSON Web Tokens
Concatenation of three base64url-encoded parts, separated by dots:
base64url(header) + '.' + base64url(payload) + '.' + base64url(signature)
signed with an HMAC or with asymmetric crypto (e.g. RSA).
header = { "alg" : "HS256", "typ" : "JWT" }
payload = {"loggedInAs" : "admin","iat" : 1422779638}
signature = HMAC-SHA256(secret, base64url(header) + '.' + base64url(payload))

Provide a token refresh mechanism, limiting the impact of a lost token.
Access Token – JWT that authorizes the user – very limited lifespan.
Is sent with every request and therefore has higher exposure.
Refresh Token – random token used only to obtain a new Access Token.
Only used to refresh the Access Token, never to authorize requests.
Longer lifetime.
After all tokens expire, the authentication process must be restarted.