| ▲ | jiveturkey 3 hours ago | |
JWTs can do that (delegate) and such capability is already well defined. | ||
| ▲ | saganus 2 hours ago | parent [-] | |
Maybe I stated it wrong. Macaroons have the ability to attenuate the restrictions _without_ contacting the auth server, which makes it IMO fit for restricting and attenuating as much as you want, without much cost. If I need a roundtrip to the auth server to attenuate, I am not necessarily going to do it as often. | ||