"Json Web Token with digital signature. Modern authentication or authorization. Cookies are bad. Avoid Man-in-the-middle-attack. No need to protect against CSRF. Stateless. Read less