JWT auth

This token are signed by one party's private bey, so that both parties are able to verify that token is legitimate. The tokens are designsed to be compact, URL-safe , and usable especially in a web-browser single-sign-on (SSO) context.