> You should really consider not using JWT for new designs that don't a priori need to inter...

twosdai • yesterday at 11:13 PM • 2 replies • view on HN

> You should really consider not using JWT for new designs that don't a priori need to interop with JWT.

If you're trying to make the argument that because they can be insecure, we should not use JWTs. Thats not really a great argument for most people. JWTs provide a lot of value, and the idea of having some secure, validatable, and no network required check for authentication, or transporting information. Is too valuable for businesses. So we all use JWTs, they are a decent standard.

At the very least you should propose an alternative that people use besides JWTs if you're going to vaugly hand wave about the scary security issues of 2021 firebase, and 2020 Npm packages reported by Auth0.

Replies

MuteXR • today at 12:02 AM

The JWT standard is known to be full of nonsense. Acting like this is some non-issue is hilariously disconnected from reality.

some_furry • yesterday at 11:14 PM

> At the very least you should propose an alternative that people use besides JWTs

PASETO: https://paseto.io

I thought this was common knowledge on HN?

> if you're going to vaugly hand wave about the scary security issues of 2021 firebase, and 2020 Npm packages reported by Auth0.

These are issues caused by the JWT standard.

https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-ba...

➕ show 2 replies

alt Hacker News

Replies