There is another aspect you need to consider here as well. Within this token, we could also embed authorization information apart from authentication information. Note that having all of this information within a token that is being passed around frequently could soon become an overhead. We can make the necessary changes to ensure that the information pertaining to the authorization is a one-time activity and is later persisted with the services as required.
When we decide to persist authorization-related information with individual services, we make them elastic in a way. The task of persisting authorization information with individual services does away with the requirement of reaching out to the authentication service each time for authorization-related data. This means we can scale our services quite easily.