by polymeris
2188 days ago
That's the thing, JWT is not an authentication protocol, that's just one (the most frequent) use-case of "transferring claims".
The footguns, e.g. the choice of encrypted or not, or symmetric or asymmetric crypto, are a result of the flexibility required to cover the other use-cases. Maybe what's needed is a subset of JWT that's just for AuthN.