dfd analisis de sistemas: flujo JWT Token Flow

Tech architecture infographic titled "JWT Token Flow" using REQUEST FLOW archetype (client → server → DB). Show a precise developer-facing request/response diagram for JWT authentication and authorization. Layout: left-to-right flow with labeled boxes and directional arrows. Include these boxes: 1) Browser / Web Client — icon: browser window — role: 'User interface sends login and API requests'; 2) API Server — icon: server rack — role: 'Validates credentials, issues JWT, verifies protected requests'; 3) Database — icon: cylinder — role: 'Stores user accounts, password hash, roles'; 4) Cache — icon: stacked memory — role: 'Stores session metadata, token denylist, or public keys'; 5) Queue — icon: message queue — role: 'Processes async audit logs and background events'. Use canonical English labels only. Show arrows with short English labels and technically accurate flow: Browser to API Server: 'POST /login over HTTPS'; API Server to Database: 'SELECT user by email'; Database to API Server: 'User record + password hash'; API Server to Browser: '200 OK + JWT access token + optional refresh token'; Browser to API Server: 'GET /profile + Authorization: Bearer JWT'; API Server to Cache: 'Check denylist / key lookup'; Cache to API Server: 'Token status / public key'; API Server to Database: 'Fetch user profile / permissions'; Database to API Server: 'Profile JSON'; API Server to Browser: '200 OK JSON response'; API Server to Queue: 'Audit log event'; optional error branch from API Server to Browser: '401 Unauthorized' for invalid or expired JWT. Make clear that JWT is signed and verified, not encrypted by default. If refresh token is shown, label it as separate from access token and indicate token renewal flow: Browser to API Server 'POST /refresh with refresh token', API Server to Browser '200 OK + new JWT'. Add numbered legend 1-7 in English: 1. User submits credentials in Browser. 2. API Server validates credentials against Database. 3. API Server issues signed JWT after successful authentication. 4. Browser stores token and sends it in Authorization header. 5. API Server verifies JWT signature, expiry, and optional denylist/cache status. 6. API Server loads protected data from Database and returns JSON. 7. API Server emits audit event to Queue; invalid tokens return 401 Unauthorized. Add subtle notes for mid-level developers: 'JWT claims: sub, exp, iat, roles', 'Signature example: HS256 or RS256', 'Use HTTPS for transport', 'Short-lived access token recommended'. Include small generic cloud icon only if needed for network boundary, no vendor branding. Visual style: cyberpunk neon with warm beige & navy palette, glowing edge highlights, dark navy background, beige panels, neon cyan and magenta accents, high contrast but readable typography, editorial developer-blog illustration, isometric or flat tech-diagram style, vector-clean infographic layout. Mood: futuristic, technical, polished, trustworthy but not overstated; clearly educational, not an audited reference architecture. All text MUST be written in English (array). Every heading, label, caption, legend and metric name in the image must be in English — not English. Spell each English word correctly using English characters and diacritics. Numbers stay as digits, no real cloud-vendor logos (AWS / GCP / Azure) — use generic cloud icons, no watermarks No real cloud-vendor logos (AWS, GCP, Azure) beyond generic cloud icons. Common protocol names (HTTPS, TCP, JWT, OAuth, REST, GraphQL) stay in canonical English form. No security-claim overstatements (do not present diagrams as audited reference architectures).