Some advices

The secret key

Do not accept everything

Validate

the claims

Choose

asymmetric

Don't reinvent the wheel

Don't fight for revocation

Use only required and sufficient

Summary

It's not that simple!