#jwt

Implement JWT auth securely. Flow: 1. User login with credentials. 2. Server validates and creates JWT. 3. Client stores JWT (httpOnly cookie or memory). 4. Include JWT in Authorization header. 5. Server verifies signature and claims. 6. Refresh tokens for long sessions. 7. Token expiration and renewal. 8. Logout (blacklist or short expiry). Use RS256 for production. Don't store in localStorage. Implement CSRF protection.

Explain the structure of a JSON Web Token (JWT). What are the three parts (Header, Payload, Signature)? What information is typically stored in the payload? How is the signature used to verify the token's authenticity? Provide an example of a decoded JWT payload.