Application may request to access routes, services, or resources on behalf of that user. To do so, it uses an access token, which is in the form of a JWT token. user has to provide JWT token in header as a authorization in every subsequent request after login.