In May 2015 the IETF publishes RFC 7519, defining JWT as the standard for compact, self-contained claims transferred as a signed JSON object. A JWT carries user identity and permissions encoded within itself (header, payload, signature), letting the receiving server verify authenticity via the issuer's public key with no external lookup, enabling stateless verification at any scale. It becomes the dominant token format of the modern web, underlying OIDC ID Tokens and inter-microservice authorization.