Using JSON Web Tokens (JWTs) for API Authorization can have awesome benefits over the more traditional session-ids approach: stateless verification/authorization, cross-domain and being client-side readable, but using JWTs on the web can be contentious. There is a lot of concern (and a lot of FUD spread) about using JWTs in web apps, specifically about storing the JWT in localstorage, but luckily there is a better way...