So are there any worthwhile alternatives to JWTs? JSON Web Tokens (JWT) are a popular way to create URL-safe access tokens for web applications. They are often used for stateless sessions1 and they’re part of OpenID Connect (OIDC) protocol. Note: JWT is just one part of the JavaScript Object Signing and Encryption (JOSE) framework. It would be more accurate to talk about JOSE but JWT has come to represent the whole suite, so I’ll go with that. Unfortunately, JWT is not a great design. It...
