How to identity data to put in the token

• It should be relevant to a large set of your APIs

• It should not be application specific

• It should be attributes of the user

• It should not be contextual for the session