Stateless authentication w/ JSON Web Tokens