|
|
|
|
|
|
by robotdan
1575 days ago
|
|
|
This is a good point. Keeping it simple is always a good engineering choice. I think one of the reasons JWTs come up so often is that if you are going to use OAuth2/OpenID Connect - ideally the Authorization Code grant, then tokens become an important component. And many IdPs implement the OAuth2 access token as a JWT. So it may be that your IdP ends up making this choice for you. Then you have to learn how to deal with JWTs. |
|
|