Hacker News new | past | comments | ask | show | jobs | submit login

Well, what I asked for was an article showing how to do it in many languages and platforms. What I got was an offer to hire a high priced consultant. This is one of the reasons JWT and Auth0 are winning. I would love to do things the rightâ„¢ way, and I appreciated your article. But there is a lot more the crypto community (or someone) needs to offer to make the alternatives to JWT just as attractive as JWT.

If you liked his article, as I did, what are we actually debating at this point? If all you're pointing out is that a single blog post hasn't solved the problem of JWT being promoted as a safe crypto standard when it isn't, well, everyone agrees on that already. Nobody has claimed this blog post to be more than it is: a good blog post.

Are we debating? I was trying to find a viable alternative to JWT that isn't "hire me at an expensive hourly rate". I think that's a pretty reasonable goal after reading yet another "don't use JWT" article, of which I've seen dozens in the past few years.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact