JWT Only Gateway

[trajano]

Instead of going through the access token approach to get the JWT. Pass the entirety of the JWT to the client and let it send it back, the gateway can perform the initial JWT validation.

The JWT can be encrypted as well.

This goes on the theory that the lookup for the JWT token associated with the access token inside a cache is slower than passing the token and checking the validity of the token. The token itself can become quite large and will have to get sent on every request.