Sunday, 14 May 2017

How to do authorization in an authentication microservice?

I am developing an auth service (NodeJS) that handles authentication and authorization.

I have two endpoints:

/auth-token

Client apps can fetch auth tokens (JSON web tokens) via POST. The auth service stores each generated JSON web token in its database.

/authorize

Other services within the SOA will verify auth tokens (from Authorization headers) at this endpoint.

Implementation of /authorize

I am not sure about the logic behind the /authorize endpoint.

Method I

  1. Get auth token from Authorization header
  2. Do a DB lookup of the token and see if it exists and is not expired

Method II

  1. Have a user database within the auth service and store all user info coming to /auth-token endpoint.
  2. If the token has not expired, decode the token.
  3. Get the user info and do a DB lookup to see if they exist in the user db.

Or some other way. Please let me know.



via ng-hacker-319
