| ▲ | rdegges 5 hours ago | |||||||
=0 I stumbled across this post and was thinking that it's interesting to see this topic trending now, since I've done a lot of work on it in the past. Then I clicked through and realized the author is linking to some of my stuff! What a blast from the past. Anyhow, there are way smarter people than myself who have covered this topic extensively over the years, but I still think that, even in 2026, JWTs are the wrong tools for web auth. They're fine to use for service-to-service stuff, but if you have the option, just use PASETO -- it solves a lot of the issues! | ||||||||
| ▲ | tored 4 hours ago | parent [-] | |||||||
Invalid certificate - dark humor. | ||||||||
| ||||||||