by pritambaral 2734 days ago
> ... as it's precisely the same.

If you believe JWT is "precisely" the same as mere presentation of a token, then you're woefully ignorant of JWT.

> ... it makes no sense to present that workflow as an alternative to the JWT workflow ...

But that's not what happened, is it? In fact, it's the opposite. As I read it, [1] suggests a bearer token workflow, to which [2] replies that the suggestion is "an awful lot like JWT", whereupon [3] clarifies that the original suggestion is just a normal bearer token scheme, which, I claim, shares nothing with "JWT" except the "T".

> ... JWT, which is a bearer token scheme ...

The "T" in "JWT" is the least interesting bit of JWT, and merely a necessity.

> It's irrelevant if the workflow is specific to JWT or is shared by other bearer token schemes

When not talking about any specific bearer token scheme, it is absolutely relevant. Only the generic point was under discussion, until JWT was introduced. JWT is not just another bearer token scheme. It comes with its own additional obligations, restrictions, and extra steps, not to mention the purpose-defeating pitfalls.

----

[1]: https://news.ycombinator.com/item?id=18768173

[2]: https://news.ycombinator.com/item?id=18768212

[3]: https://news.ycombinator.com/item?id=18768242

1 comment

> JWT is not just another bearer token scheme. It comes with its own additional obligations, restrictions, and extra steps, not to mention the purpose-defeating pitfalls.

Care to provide an example?