Creating a JWT Authentication Web API in 5 Minutes

There is no denying that JWT is a cool breeze and a relief from the feature insanity of OAuth. I once spent a week trying to understand OAuth, and I had to give up. There was simply no way I could wrap my brain around it. I could explain JWT to a 5-year-old child in less than 5 minutes. If OAuth is a scrapyard of madness and radioactive waste, JWT is a green field swimming in warm rays of sun after the morning dew has sprinkled the fresh grass.

A JWT consists of three simple parts: a header describing the token (most importantly the signing algorithm), a payload carrying the claims that make up the actual token, and a cryptographic signature over the first two parts, ensuring the token was created by a trusted source and has not been modified since. All three components are base64url-encoded, separated by a ".", concatenated, and normally provided as a Bearer token in the Authorization HTTP header of your HTTP REST invocations. Dead simple, in fact.
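To make the three-part structure concrete, here is an added example (not code from the original post) that builds an HS256 token from a header and a payload, then verifies it. The secret and the claims are constructed for the demo. Two checks a practitioner would want are included: the verifier pins the algorithm it accepts instead of trusting the `alg` field blindly, and it compares signatures in constant time. The demo also shows that changing the payload while keeping the old signature makes verification fail, which is exactly what the signature is for.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional, Tuple

# Constructed demo secret; in a real service this is a long random key from a secret store.
SECRET = b"demo-secret-do-not-use-in-production"


def b64url_encode(data: bytes) -> str:
    """Base64url-encode without '=' padding, as the JWS spec (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode: restore the stripped padding, then decode."""
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def _json_segment(obj: dict) -> str:
    """Compact JSON, then base64url, for the header and payload segments."""
    return b64url_encode(json.dumps(obj, separators=(",", ":")).encode("utf-8"))


def sign_hs256(header: dict, payload: dict, secret: bytes) -> str:
    """Return header.payload.signature with HMAC-SHA256 over 'header.payload'."""
    header_b64 = _json_segment(header)
    payload_b64 = _json_segment(payload)
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{b64url_encode(signature)}"


def verify_hs256(token: str, secret: bytes) -> Optional[dict]:
    """Return the decoded payload if the token is a valid HS256 JWT, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # covers bad base64 (binascii.Error) and bad JSON
        return None
    # Pin the algorithm: this verifier only implements HS256, so anything else is rejected,
    # rather than letting the token's own header choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return None
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
    # Constant-time comparison so timing does not leak how many bytes matched.
    if not hmac.compare_digest(expected, signature):
        return None
    try:
        return json.loads(b64url_decode(payload_b64))
    except ValueError:
        return None


def demo() -> Tuple[Optional[dict], Optional[dict]]:
    """Sign a token, then show that a modified payload with the original signature fails."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": "alice", "role": "user"}  # constructed claims
    token = sign_hs256(header, payload, SECRET)
    header_b64, _, sig_b64 = token.split(".")
    modified = f"{header_b64}.{_json_segment({'sub': 'alice', 'role': 'admin'})}.{sig_b64}"
    return verify_hs256(token, SECRET), verify_hs256(modified, SECRET)


if __name__ == "__main__":
    accepted, rejected = demo()
    print("valid token ->", accepted)      # the original claims
    print("modified token ->", rejected)   # None: signature no longer matches
```

Note that only the signature protects integrity; the header and payload are merely encoded, not encrypted, so anyone holding the token can read the claims. Put nothing secret in the payload, and treat the signing key with the same care as a password database.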