
Network latencies and round trips will almost certainly be the primary source of performance issues in any larger microservice environment. If you don’t need that level of scale, that’s great. But once you do, JWTs are perfect for carrying information across the network that may be verified without extra network calls involved.


> But once you do

Sure.

The vanishing minority of projects ever get to that point.

Didn't we internalize YAGNI literally a decade ago?


A vanishingly small minority of projects need the ability to instantly revoke a token on every HTTP request. And even then there is nothing stopping you from doing so with JWT.

Know your facts. And YAGNI and all that...


"Logout all my sessions" is basic decency towards your user.

I get that it's hard with your bloggable thing, but it's better for the people on the other end.
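The two positions in this thread can be combined, shown here as an added example that is not code from any commenter: signature and expiry are verified locally, and "log out all my sessions" is a single per-user cutoff timestamp compared against the token's `iat`. The cutoff map, the HS256 choice, the key and all function names are assumptions made for illustration; in a deployment the map would live in some shared or cached store.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-key"  # constructed sample key for this example

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, iat: int, ttl: int = 900) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": sub, "iat": iat, "exp": iat + ttl}).encode())
    return f"{header}.{payload}.{b64url(sign(header + '.' + payload))}"

def verify(token: str, now: int, revoked_before: dict) -> str:
    """Return the subject, or raise ValueError naming the failed check."""
    header, payload, sig = token.split(".")  # wrong part count raises ValueError
    # Signature and expiry are checked locally, with no network call.
    if not hmac.compare_digest(sign(f"{header}.{payload}"), unb64url(sig)):
        raise ValueError("bad signature")
    if json.loads(unb64url(header)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    claims = json.loads(unb64url(payload))
    if now >= claims["exp"]:
        raise ValueError("expired")
    # The only shared state: one cutoff per user, set by "log out all sessions".
    # <= also rejects a token minted in the same second as the logout.
    if claims["iat"] <= revoked_before.get(claims["sub"], -1):
        raise ValueError("revoked")
    return claims["sub"]

def logout_all(sub: str, now: int, revoked_before: dict) -> None:
    revoked_before[sub] = now
```

The short `ttl` bounds how long a stolen token stays usable if the cutoff map is unavailable or stale.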



