Hacker News new | ask | show | jobs
by icebraining 2730 days ago
He suggests KISS: you can probably get away with plain old server-side auth, and if you really need client-side tokens, use something simple that just encrypts and signs them: https://news.ycombinator.com/item?id=13612941#13615634
1 comments
Aeolun 2730 days ago
> Something simple that just encrypts and signs them

Like JWT?

I feel like that argument goes around in circles.

link
icebraining 2730 days ago
tptacek's point is that JWT is not simple at all:

https://news.ycombinator.com/item?id=13866983

https://news.ycombinator.com/item?id=14292223

link
geezerjay 2730 days ago
> I feel like that argument goes around in circles.

I feel that the problem is that some users are talking about stuff they know nothing about, but still feel compelled to be very vocal and opinionated.

link