JWT (JSON Web Token)

A JWT is a compact token (header.payload.signature) signed with a secret or private key, sent in `Authorization: Bearer`. Scell.io uses short-lived JWTs (15 min) for the dashboard, plus HttpOnly refresh-token cookies for the SPA.