Whenever I need to make an authenticated HTTP call to an internal microservice, I usually use JWT. But recently I came to know that JWT comes with some security concerns. Although JWT is the most common way to do authentication, we can't just ignore its security concerns.