JWT Overview

JWT is for authorization, not authentication. Authentication checks credentials (e.g., username/password), while authorization ensures that each request is made by the logged-in user.

Traditional session-based authorization: user info is stored on the server, and the client sends a session ID via a cookie with each request.

JWT-based authorization: the server sends a signed JSON Web Token back to the client; the user data is stored in the token, not on the server.

A JWT has three parts: a header (algorithm/type), a payload (user data), and a signature (verifies the token's integrity).

Why JWT is useful: it enables seamless login across multiple servers or services (e.g., a banking server and a retirement server) without needing separate sessions. JWT simplifies authentication across many small services in complex architectures.
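As an added illustration (not code from the original post), here is a minimal HS256 issuer and verifier built only from Python's standard library; the shared secret, helper names and sample payload are assumptions. It shows the three dot-separated parts and why the signature is what lets a second service trust the user data without a server-side session: a token whose payload has been altered, or that names a different algorithm, fails verification.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed secret shared by every service that verifies tokens (an assumption).
SECRET = b"demo-shared-secret-do-not-use-in-production"


def b64url(data: bytes) -> str:
    """Base64url without padding, as the JWT spec requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    """Restore padding before decoding a base64url segment."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_jwt(payload: dict, secret: bytes) -> str:
    """Return header.payload.signature for the given user data (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = lambda obj: json.dumps(obj, separators=(",", ":")).encode()
    signing_input = b64url(compact(header)) + "." + b64url(compact(payload))
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(signature)


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the payload only if the signature checks out, else None."""
    try:
        h, p, s = token.split(".")
        header = json.loads(b64url_decode(h))
    except (ValueError, json.JSONDecodeError):
        return None
    # Pin the algorithm on the verifier side; never let the token choose it.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    # Constant-time comparison of the signature bytes.
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    return json.loads(b64url_decode(p))


if __name__ == "__main__":
    token = create_jwt({"sub": "alice", "role": "user"}, SECRET)
    print(token)
    print(verify_jwt(token, SECRET))
```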
