[teliskr]

Some people get entirely too dogmatic about their “XYZ is wrong, don’t do it!” beliefs. At the time I implemented JWT in our system, many years ago; it was the most straightforward way to solve the problems that I had. I read about the pitfalls and have yet to experience any of them. So in short.. “no regrats” from this heathen.

[hot_gril]

Isn't JWT's main benefit being a standard interchange format? 3 parts: header, payload containing user info, signature from whatever authenticated the user. Can be encoded for URLs and decoded to JSON. Seems pretty innocent to me.