JWT, JWE, JWS, etc. are terrible designs and need to be scrapped, not resuscitated. | paragonie.com
OAuth 2.0 is a standard that apps can use to provide client applications with secure delegated access. OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials. OIDC adds a signed ID token and a UserInfo endpoint. | Okta Developer
Stop using local storage to store sensitive information. If you're putting a JWT in local storage you're doing it wrong. | www.rdegges.com