Whats next?

Read your article at https://hackernoon.com/your-node-js-authentication-tutorial-is-wrong-f1a3bf831a46. It was pretty stirring and controversial. That lead me here, which seems like a dead end. Any references or resources for getting api authentication right, or as close to 'right' as possible. What methods do you use nowadays?