Interview questions - mowen0303/note GitHub Wiki

JWT is just for authorization (授权) not authentication (身份验证).

Authentication: taking the username and password and authenticating to make sure that username and password are correct. It's like logging a user in.
Authorization: making sure that the user sends a request to your server is the same user that logged in during the authentication process.

JWT instead of using these cookies uses a JSON web token.