by talove
1823 days ago
This. That's why they call them 'attack vectors'. I disagree with the main thesis for why JWT is a problem. JWT isn't necessarily encouraging you not to hit the DB for user lookup. This is the claim the article makes as a problem with revocation. It reads like a really long thoughtful article based entirely on false assumptions for how to best use it. It's ok to carry around some encrypted state in your tokens for some use cases.
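An added illustration of the point the comment makes, not code from the commenter or from the article under discussion: a JWT verifier that checks the signature statelessly and then still hits a server-side store before accepting the token, so revocation works. The key `SECRET`, the functions `sign_jwt`/`verify_jwt` and the in-memory `REVOKED_JTIS` set (standing in for the DB lookup) are assumptions for the demo; the claims here are signed (HS256), not encrypted.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-key-not-for-production"  # constructed demo key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, secret: bytes) -> str:
    """Issue a compact HS256 JWT: base64url(header).base64url(claims).base64url(sig)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(sig)}"


# Hypothetical server-side revocation store; a real service would query its DB here.
REVOKED_JTIS = set()


def verify_jwt(token: str, secret: bytes, now=None):
    """Return the claims if the token is authentic, unexpired and not revoked, else None."""
    try:
        h, p, s = token.split(".")
    except ValueError:
        return None
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":  # pin the algorithm; reject "none" and anything unexpected
        return None
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return None
    claims = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    # Stateless checks passed; the server-side lookup the comment defends comes last.
    if claims.get("jti") in REVOKED_JTIS:
        return None
    return claims
```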