So what it does is it verifies that this Jason Webb token has not been changed since the time that it signed it, because if, for example, the client changed it and changed the user information in that Jason Webb Token, The server will now know, and they can say that it's invalid.