Leased line diagram of JWT token flow infographic

Tech architecture infographic titled "JWT token flow" using HOW-IT-WORKS archetype with numbered stages for a curious beginner. Show a dark-mode developer themed diagram with neon palette, editorial developer-blog illustration, isometric or flat tech-diagram style, vector-clean infographic layout. Create labeled boxes connected by directional arrows: 1) Browser — icon: web browser — role: user client that sends login and API requests. 2) API Server — icon: server rack or code brackets — role: validates credentials, issues JWT, and protects REST endpoints. 3) Database — icon: cylinder — role: stores user account records and password hashes. 4) Cache — icon: lightning or memory chip — role: stores session-related lookups, token blocklist, or rate-limit data. 5) Queue — icon: message queue or stacked cards — role: handles async events such as audit logs or welcome jobs. Arrange flow left-to-right or top-to-bottom with clear arrows and concise English labels. Include these technically accurate flows: Browser to API Server labeled "HTTPS POST /login + credentials"; API Server to Database labeled "SQL SELECT user"; Database to API Server labeled "user record + password hash"; API Server to Browser labeled "200 OK + JWT access token"; Browser to API Server labeled "HTTPS GET /resource + Authorization: Bearer JWT"; API Server internal validation step labeled "verify signature, exp, iss, aud"; API Server to Cache labeled "token blocklist lookup / rate limit"; Cache to API Server labeled "allow or revoked"; API Server to Database labeled "SQL SELECT protected data"; Database to API Server labeled "result rows"; API Server to Browser labeled "200 OK + JSON response"; API Server to Queue labeled "audit event". Add subtle optional branch for expired or invalid token: API Server to Browser labeled "401 Unauthorized". Each box must include an icon, a canonical English component name, and a one-line English role description. Add a numbered legend 1-7 in English: 1. User signs in from Browser over HTTPS. 2. API Server checks credentials against Database. 3. API Server creates and signs a JWT after successful authentication. 4. Browser stores the JWT and sends it in the Authorization header. 5. API Server validates JWT claims and signature before serving the request. 6. API Server may consult Cache for revocation, blocklist, or rate-limit checks, then reads protected data from Database. 7. API Server returns JSON response and may publish an audit event to Queue. Include a small caution note in English such as "Conceptual flow, not an audited security architecture". Visual style: dark charcoal background, neon cyan, violet, magenta, and lime accents, glowing arrows, crisp borders, soft grid, high contrast labels, modern developer dashboard mood, beginner-friendly spacing, clean hierarchy, compact callouts, generic cloud icons only, no vendor branding. All text MUST be written in English (array). Every heading, label, caption, legend and metric name in the image must be in English — not English. Spell each English word correctly using English characters and diacritics. Numbers stay as digits, no real cloud-vendor logos (AWS / GCP / Azure) — use generic cloud icons, no watermarks No real cloud-vendor logos (AWS, GCP, Azure) beyond generic cloud icons. Common protocol names (HTTPS, TCP, JWT, OAuth, REST, GraphQL) stay in canonical English form. No security-claim overstatements (do not present diagrams as audited reference architectures).