Authorization is the most common scenario for using JWT. Once the user is logged in, each subsequent request will include the JWT, allowing the user to access routes, services, and resources that are permitted with that token. Single Sign On is a feature that widely uses JWT nowadays, because of its small overhead and its ability to be easily used across different domains.
Information Exchange JSON Web Tokens are a good way of securely transmitting information between parties. Because JWTs can be signed—for example, using public/private key pairs—you can be sure the senders are who they say they are. Additionally, as the signature is calculated using the header and the payload, you can also verify that the content hasn't been tampered with.
The JWT is composed of 3 parts:
Header: this stores token info: token type, signing algorithm, etc.
Payload: this section stores statements about an entity (typically, the user) and additional data. These statements are referred to as Claims.
Note that for signed tokens, this information (though protected against tampering) is readable by anyone. Do not put secret information in the payload or header elements of a JWT
Signature: the signature is used to verify the message wasn't changed along the way, and, in the case of tokens signed with a private key, it can also verify that the sender of the JWT is who it says it is.
There is a tool called jwt.io that can be used to decode, verify, and generate JWTs.