I agree, and I was thinking of using go-jwt but given the bad rap it has received here https://news.ycombinator.com/item?id=13865459 and here https://news.ycombinator.com/item?id=17877332, I'm having second thoughts as I don't want to mess things up. Also, I don't really need a stateless token just something that will allow for authentication from my server, Google OAuth and Facebook OAuth.