This document discusses securing single-page applications with token-based authentication. It describes using JSON Web Tokens (JWTs) as client tokens to authenticate users, and protecting against cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks. It also addresses the challenges of token revocation and whether the JavaScript client or the browser should control the authentication token.