by venantius
3031 days ago
Haha, oh man I've spent a lot of time thinking about exactly this. I don't think I've got much to add that anyone else hasn't already said, but:

Cookies - well known, hard to footgun yourself

JWT - new, complicated to implement, easy to footgun yourself

OAuth - generally only works in certain security models. You're probably still going to end up using cookies or JWTs as part of your OAuth state management anyways.

Personally, I use cookies for all "apps" and I'll use JWTs when I need authn/authz in a more complicated microservice architecture where the "clients" aren't browsers.