6 Self-contained tokens and JWTs

This chapter covers

  • Scaling token-based authentication with encrypted client-side storage
  • Protecting tokens with MACs and authenticated encryption
  • Generating standard JSON Web Tokens
  • Handling token revocation when all the state is on the client

You’ve shifted the Natter API over to using the database token store with tokens stored in Web Storage. The good news is that Natter is really taking off. Your user base has grown to millions of regular users. The bad news is that the token database is struggling to cope with this level of traffic. You’ve evaluated different database backends, but you’ve heard about stateless tokens that would allow you to get rid of the database entirely. Without a database slowing ...
