The core idea

The identity travels in the token.

A JWT is a self-contained, signed token holding your identity. The server verifies it without looking anything up — no session store.