Please have a look at the 'Authentication Cookies' section of https://success.outsystems.com/documentation/11/security/configure_app_authentication/

Hey @Priya Naveen 

OutSystems' default role-based authentication does not use JWT (JSON Web Token). Instead, it uses a session-based authentication mechanism to manage user access. When a user logs in using standard methods like username/password, LDAP, SAML, or OAuth (depending on your configuration), OutSystems creates a session on the server.

This session stores user information such as identity, roles, and permissions, which is then referenced throughout the user's interaction with the application. Cookies are used to manage this session on the client side, ensuring that the user remains authenticated for subsequent requests.

OutSystems’ Role-Based Access Control (RBAC) ensures that user permissions are tied to predefined roles. These roles define which screens, actions, and data a user can access within the application. Each time a user interacts with the system, OutSystems checks the session for role permissions to authorize access.

While OutSystems doesn't use JWT in its default setup, it does support integrations with external identity providers (like OAuth2) that utilize JWT for token-based authentication if needed for custom authentication requirements.

thanks