As mobile devices and RESTful APIs become prevalent in internet applications, cookie-based authentication is no longer able to satisfy every use case. Token-based authentication has become the preferred way to:
- Enable third-party apps to access user information and perform certain actions on a user’s behalf
- Overcome the domain restrictions of cookies. Tokens can be passed around to different services under different domains
- Keep authentication state on the client side only. This reduces load on the server and enables more flexible authentication use cases
