Security Encyclopedia

Stateless Authentication (Token-Based)

Stateless Authentication is a way to verify users by having much of the session information such as user properties stored on the client side. It makes identify verification with the backend seamless. Also called token-based authentication, stateless authentication is efficient, scalable, and interoperable.

Stateless authentication uses tokens, most often a JSON Web Token (JWT), that contain the user and client information. The server only has to match the token key and cryptographic signature with the information on file, meaning it can do far less work in looking up identity provider (IdP) information. This reduces server overhead. It also makes stateless authentication scaleable and interoperable with single sign-on (SSO).

A popular form of stateless or token-based authentication Security Assertion Markup Language (SAML).


“Our move to stateless authentication has two great benefits. It relieves our servers of burdensome task of all those user/session lookups. It also token-based and enables us to work with single sign-on. While the alternative was simple to stand up, it didn’t scale or provide us the flexibility to move to SSO.”