JWTs are best practice for OAuth as it can transport claims. It’s up to your application if you continue to use it after the initial flow.
You are fine to convert it, but most apps don’t as it’s easier.
I use Strongbox and store my Passkeys in a Keepass File. Vendor agnostic, private syncable and locked by my passphrase.
I like them and wish more services would implement them properly.
Yeah, I blame those employers too.
Last year I was job hunting and got declined a position as I only have 10 years of experience with JavaEE, but no job experience with Spring Boot (only a few hobby projects). That’s how narrow minded these guys are.
Personally I often go to Amazon to find things, google the author and check on the HP on how to buy the book with the least amount of "tax" for the author.
Added benefit: you get formats outside of walled gardens!
reply