by nijave 2315 days ago
A couple more points

* Why write your own format when JWT already has predefined keys? If you write your own encoding format instead of crappy JWT, you have no interoperability and have to write everything from scratch.

* If you're following API-first, using cookies for machine-to-machine API interactions is ridiculous (cookies are for browsers and humans).

* JWT, being fairly standard, plays nice with load balancers/auth proxies/API gateways, which can offload auth or even route it before hitting the application (database calls are expensive compared to in-memory cached auth, and you probably have an LB anyway).
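An added example of the last two points (not nijave's code, and not taken from any project in the thread): an issuer mints an HS256 JWT using only the registered claims from RFC 7519, and a gateway verifies it purely in memory, with no database call, then picks an upstream from the verified claims. It uses only the Python standard library; the shared secret, issuer URL, audience name and upstream pool names are constructed for the example. Note that the verifier pins the algorithm rather than trusting the token's `alg` header, which is the check an edge verifier must not skip.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Shared secret between the token issuer and the gateway. Constructed for the
# example only; a real deployment loads it from a secret store.
GATEWAY_SECRET = b"example-shared-secret-do-not-use"
EXPECTED_ISSUER = "https://auth.example.internal"   # assumed issuer
EXPECTED_AUDIENCE = "orders-api"                    # assumed audience


def _b64url_encode(raw: bytes) -> str:
    # JWT uses unpadded base64url (RFC 7515 section 2).
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, scope: str, ttl_seconds: int = 300,
                now: Optional[int] = None) -> str:
    """Mint an HS256 JWT. Only registered claims (iss/sub/aud/iat/exp) plus one
    private claim, scope; no bespoke wire format is needed."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": EXPECTED_ISSUER, "sub": subject, "aud": EXPECTED_AUDIENCE,
              "iat": now, "exp": now + ttl_seconds, "scope": scope}
    compact = lambda obj: _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = compact(header) + "." + compact(claims)
    sig = hmac.new(GATEWAY_SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_at_gateway(token: str, now: Optional[int] = None) -> Optional[dict]:
    """What an auth proxy or API gateway does in memory: check the signature and
    the standard claims, then hand the claims to routing. Returns the claims on
    success and None on any failure, so callers cannot forget a check."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        given_sig = _b64url_decode(sig_b64)
    except ValueError:          # wrong segment count, bad base64, bad JSON
        return None

    # Pin the algorithm. Never let the token choose it: this rejects alg=none
    # and key-confusion tokens that try to use a public key as the HMAC key.
    if header.get("alg") != "HS256":
        return None

    signing_input = (header_b64 + "." + claims_b64).encode("ascii")
    expected_sig = hmac.new(GATEWAY_SECRET, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(given_sig, expected_sig):   # constant-time compare
        return None

    # Registered claims (RFC 7519 section 4.1): enforceable at the edge without
    # knowing anything about the application behind it.
    if claims.get("iss") != EXPECTED_ISSUER:
        return None
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else aud     # aud may be a string or a list
    if not isinstance(aud, list) or EXPECTED_AUDIENCE not in aud:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims


def route_request(token: str, now: Optional[int] = None) -> str:
    """Routing decision made at the gateway from verified claims only.
    The upstream pool names are assumptions for the example."""
    claims = verify_at_gateway(token, now)
    if claims is None:
        return "reject:401"
    if "orders:write" in claims.get("scope", "").split():
        return "upstream:orders-write-pool"
    return "upstream:orders-read-pool"


if __name__ == "__main__":
    tok = issue_token("svc-billing", "orders:write", now=1_000_000)
    print(route_request(tok, now=1_000_100))   # valid token, write scope
    print(route_request(tok, now=1_000_300))   # expired
    print(route_request("not.a.jwt"))          # garbage
```

The gateway never touches the application's database: everything it needs (who issued the token, whom it is for, when it expires, what it may do) is in the token itself, which is exactly why this work can be offloaded to a proxy and used to route before the request reaches the service.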