JWT is a strong option at the moment for adding authentication to stateless applications, mostly web APIs. Its advantages include flexibility, easier horizontal scaling of HTTP applications (no shared server-side session store is needed), self-contained tokens whose claims can be trusted once the signature has been verified, and library support in every mainstream programming language.
Role-based access control, on the other hand, is an authorization mechanism. It does not end at checking a username/email and password: it establishes an identity, assigns roles to that identity, and restricts what each role is permitted to do.
Each user is a distinct entity with its own set of permissions. A user may be allowed to create an entity but not to delete it, or to view an entity but not to edit it.
JWT only answers the question of who the caller is. Deciding which of these restrictions and permissions apply to that caller is a separate problem, and that is where the headache is. We will use a common Laravel package, Entrust, to handle authorization.
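To make the split between the two concerns concrete, here is an added example in Python using only the standard library. It is not code from the article or from Entrust (the article's own implementation is in Laravel/PHP); it shows the same pattern: verify the JWT first (authentication), then check the identity's roles against a permission table (authorization). The role names (viewer, author, admin), the permission names (post.view, post.create, post.edit, post.delete), the secret, the timestamps and the role-to-permission table are all constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed role -> permission table for the example. In the article this
# mapping lives in Entrust's roles/permissions tables instead.
ROLE_PERMISSIONS = {
    "viewer": {"post.view"},
    "author": {"post.view", "post.create", "post.edit"},
    "admin": {"post.view", "post.create", "post.edit", "post.delete"},
}


class AuthError(Exception):
    """Raised when a token cannot be authenticated."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_part(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def mint_token(sub: str, roles: list, secret: bytes, now: int, ttl: int = 3600) -> str:
    """Issue an HS256 JWT carrying the identity (sub) and its role names."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "roles": roles, "iat": now, "exp": now + ttl}
    signing_input = f"{_encode_part(header)}.{_encode_part(payload)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def authenticate(token: str, secret: bytes, now: int) -> dict:
    """Authentication: prove the token was issued by us and has not expired."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise AuthError("malformed token")
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm server-side; never let the token choose it (alg=none).
    if header.get("alg") != "HS256":
        raise AuthError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise AuthError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("exp", 0) <= now:
        raise AuthError("token expired")
    return payload


def authorize(payload: dict, permission: str) -> bool:
    """Authorization: does any role of the authenticated identity grant this permission?"""
    return any(permission in ROLE_PERMISSIONS.get(role, set())
               for role in payload.get("roles", []))


def handle_request(token: str, permission: str, secret: bytes, now: int) -> int:
    """HTTP-style outcome: 401 if not authenticated, 403 if authenticated but
    not permitted, 200 otherwise."""
    try:
        payload = authenticate(token, secret, now)
    except AuthError:
        return 401
    return 200 if authorize(payload, permission) else 403


def tamper_roles(token: str, roles: list) -> str:
    """Rewrite the roles claim without re-signing, as an attacker would try.
    The signature no longer matches, so authenticate() must reject it."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    payload = json.loads(_b64url_decode(payload_b64))
    payload["roles"] = roles
    return f"{header_b64}.{_encode_part(payload)}.{sig_b64}"


if __name__ == "__main__":
    secret = b"constructed-example-secret"   # assumption: a real key is random and private
    now = int(time.time())
    token = mint_token("alice", ["author"], secret, now)
    print("author creates post:", handle_request(token, "post.create", secret, now))
    print("author deletes post:", handle_request(token, "post.delete", secret, now))
    print("forged admin role:  ", handle_request(tamper_roles(token, ["admin"]), "post.delete", secret, now))
```

The two checks are deliberately separate functions: a 401 means the caller could not prove who they are, a 403 means they are known but the role they hold does not grant the permission. Carrying the role names inside the signed token keeps the check stateless, but those roles are a snapshot until the token expires; loading the user's roles from the database on each request (as Entrust's role and permission checks do) makes role changes take effect immediately at the cost of a lookup.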
Where the problem lies, as already described in the introduction, is in working with JWT and authorization together. This might not be a problem for professionals, but I am 90% certain that beginners are battling with this, judging from the questions thrown around in the community. Let us try to tackle this problem.
You can read the complete article here.