prev <<
OAuth, RESTy APIs, Microservices, ...
>> next
Key point
Whoever has the token, can act as the user
You can pass the token to the JS frontend and directly call any backend that accepts the token