I can't tell how you want me to respond here! I could be factual but that might ruin a good joke
joke first, then srs bans
oh! well, it's bad. Use it for interoperating with OAuth2 systems and ditch it for anything new
For many reasons, here are a few: 1. The spec allows for no-encryption algorithms to be used and many implementations don't prevent them!
There's been recent bugs filed and fixed just in the past 6-12 months in some popular ones that do that
JSON parser implementations also differ in how they handle duplicate keys and, in the JWT context, there's some concerns about attacks there
Also, people seem to keep trying to use JWTs for stateless sessions? But that's a bad idea. See http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/ …
You gotta ram in some not great ideas to make JWTs worthwhile
eg you want to put a CDN in front of your code & give it your private keys but still want to be sure user data isn't messed with by the CDN
So those are my feels about JWT. I don't have a joke
Thanks, Jeff 
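
Added example, not part of the thread: a strict verifier showing the two checks the thread says many implementations skip, an explicit algorithm allow-list (so `none` is refused) and rejection of duplicate JSON keys. It assumes a service that only accepts HS256; the names `verify`, `sign`, `TokenError` and `ALLOWED_ALGS` are hypothetical, not from any JWT library.

```python
import base64, hashlib, hmac, json

ALLOWED_ALGS = {"HS256"}  # assumption: this service only accepts HS256 tokens

class TokenError(Exception):
    """Raised for any token that fails strict validation."""

def b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _reject_duplicates(pairs):
    # json.loads would silently keep the last value of a repeated key; refuse instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise TokenError(f"duplicate key {key!r}")
        obj[key] = value
    return obj

def _strict_json(segment: str) -> dict:
    try:
        text = _b64url_decode(segment).decode("utf-8")
        obj = json.loads(text, object_pairs_hook=_reject_duplicates)
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise TokenError("malformed segment") from exc
    if not isinstance(obj, dict):
        raise TokenError("segment is not a JSON object")
    return obj

def sign(header_json: str, payload_json: str, key: bytes) -> str:
    """Build a token from raw JSON strings (used only to construct samples)."""
    signing_input = f"{b64url(header_json.encode())}.{b64url(payload_json.encode())}"
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def verify(token: str, key: bytes) -> dict:
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("expected three segments")
    alg = _strict_json(parts[0]).get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenError(f"algorithm {alg!r} not allowed")  # covers "none"
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    try:
        supplied = _b64url_decode(parts[2])
    except ValueError as exc:
        raise TokenError("malformed signature") from exc
    if not hmac.compare_digest(expected, supplied):
        raise TokenError("bad signature")
    return _strict_json(parts[1])  # payload is parsed only after the MAC checks out
```
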