by blattimwind 2315 days ago
> JWT as a storage format is great indeed.

RSA or ECDSA with NIST curves for signing things doesn't strike me as "great".


If your complaint is that RSA is outdated and ECDSA is backdoored by the NSA, use Ed25519, which JWS/JWT supports[1].

[1]: https://tools.ietf.org/html/rfc8037#section-3.1

> JWS/JWT supports

Support for ed25519 signature in current implementations is pretty poor.

You can use symmetric, sha256
Symmetric signatures completely kill the ability to verify a token without the secret.

For Python I had to glue and stick python_jwt with cryptography primitives to do ed25519.

And the funniest thing: very few clients will understand these "standard" JWT tokens.