by nullbyte 3072 days ago
What's so bad about JWTs? The cryptographic protocol is sound.
2 comments

People write things like "the cryptographic protocol behind JWT is sound" and I always wonder where those assertions come from. Do you just think it must be, because none of the people you talk to say it isn't?
More to your original point, why add the complexity before it is required?

Let the complexity of the solutions incrementally grow with the complexity of the problem being solved.

There is nothing wrong with JWT; implementing them requires some thought so that you don't leak sensitive info, as well as configuring your backend properly.

Large swaths of the internet love to hate on JWT, but it's a major feature in OAuth2 and is in use all over the place as decentralized APIs have become more commonplace.