Security is one of the most important aspects of any application, and you should consider the following when choosing a security mechanism:
- For most use cases JWT authentication will be sufficient, so stick to that if you are not sure
- If you want single sign-on in your application, use OAuth 2.0 / OIDC rather than trying to make JWT or session authentication work as an SSO solution
- If you already have Keycloak or Okta set up in your company, choose OAuth 2.0 / OIDC and connect to them
- Choose session-based authentication only if you want stateful authentication