security for web applications session vs token

Question

Background:
I am developing a web application, planned to use spring-mvc and spring security. My plan is to use form based authentication where

Answer 1

• For Stateless application use JWT
• For third party applications use OAuth2
• For Statefull application use Session + CSRF