Hacker News new | ask | show | jobs
by pritambaral 2737 days ago
No, they've described a Bearer Token workflow. JWT is a specific method that also (most times) uses Bearer tokens, but it wasn't the first, nor does it have a monopoly on Bearer tokens.

I remember building a service when I was experimenting with web development that used randomly generated tokens in a custom HTTP header, and that is closer to Bearer Token (the standard) than Bearer Token is to JWT.
1 comments
geezerjay 2737 days ago
You're trying to be disingenuously pedantic. It's irrelevant if the workflow is specific to JWT or is shared by other bearer token schemes. The point is that JWT, which is a bearer token scheme, follows that workflow, thus it makes no sense to present that workflow as an alternative to the JWT workflow, as it's precisely the same.
link
pritambaral 2737 days ago
> ... as it's precisely the same.

If you believe JWT is "precisely" the same as mere presentation of a token, then you're woefully ignorant of JWT.

> ... it makes no sense to present that workflow as an alternative to the JWT workflow ...

But that's not what happened, is it? In fact, it's the opposite. As I read it, [1] suggests a bearer token workflow, to which [2] replies that the suggestion is "an awful lot like JWT", whereupon [3] clarifies that the original suggestion is just a normal bearer token scheme, which, I claim, shares nothing with "JWT" except the "T".

> ... JWT, which is a bearer token scheme ...

The "T" in "JWT" is the least interesting bit of JWT, and merely a necessity.

> It's irrelevant if the workflow is specific to JWT or is shared by other bearer token schemes

When not talking about any specific bearer token scheme, it is absolutely relevant. Only the generic point was under discussion, until JWT was introduced. JWT is not just another bearer token scheme. It comes with its own additional obligations, restrictions, and extra steps, not to mention the purpose-defeating pitfalls.

----

[1]: https://news.ycombinator.com/item?id=18768173

[2]: https://news.ycombinator.com/item?id=18768212

[3]: https://news.ycombinator.com/item?id=18768242

link
geezerjay 2737 days ago
> JWT is not just another bearer token scheme. It comes with its own additional obligations, restrictions, and extra steps, not to mention the purpose-defeating pitfalls.

Care to provide an example?

link