But if I used a session, I would need to keep even more state, and probably even have a DB in the loop. If I used an encrypted JWT between the app and my server which would store the access token I get from twitch, I could still keep everything stateless, but I would have to worry about invalidating that JWT as well. I’m basically trying to avoid a session system (or storing “session data” on the client inside a JWT) and keep most of the app’s functionality within the browser if possible (which makes sense for the kind of project I’m working on, trust me 
)
Yes exactly! That way, the website can communicate with twitch directly and do most of everything it needs without my server being present, but if it is it can prove to the server that a user is logged in and then access additional functionality that requires some server-side stuff.