You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thanks for the links. I completely agree that JWT shouldn't be used for browser based applications. I have added to the Flask-Security documentation some notes about that - sessions are easier, more secure etc.
The idea for JWT was to replace the tokens used for communicating application to application (such as in a micro-service or scripting environment) where JWTs can have all the authn and authz information embedded in it so that no DB calls are needed can be a nice performance and ease of administration win.
I will look more into Paseto - hadn't seen that before.
The problems with JWT are well documented. Paseto is a replacement for JWT without these problems.
The text was updated successfully, but these errors were encountered: