Well Kudos to the folks at JWT Auth! The project seems to be getting some traction once again and they have very recently addressed many of the issues. They now provide a way to specify token algorithms (and keys if needed), make it easy to put user info or anything else into the taken payload, have truly stateless tokens (no more 8 "auth" tables created), give you control over the routes (no more non-api oauth/??? routes that you have to override), can support impersonation, steer you away from putting the secret on the client, and the docs are improving daily. They are not quite 1.0.0 yet (1.0.0-rc2), so 100% is not expected. However, they are pretty close and leaps and bounds over the current official Laravel Passport implementation.

If you are developing a serious API using laravel as a backend, this definitely seems like the present optimal authentication path to check out. They have it pretty darn close to perfect for that purpose.