pci dss – Which Authentication mechanism to choose for PCI-DSS system


I want to create Angular 9 + Spring Boot application with strong security complaint to PCI-DSS security standard.

Which security protocol is preferred for user sessions in order to have high security when we use Angular and Spring Boot:

  • Session cookies
  • OAuth2
  • OAuth2 + JWT
  • JWT

for now I’m thinking to secure the application using JWT. Can you share what issue might I have using JWT and is it a good choice?