Jillian Estrella is an accomplished creator of immersive and interactive LED art, a physicist, and a Software Engineering Manager specializing in Design Systems and Developer Experience (DevX).
Static site with API backend is not a use case for using JWT.
I use “static” frontends regularly with GraphQL backends and still use sessions with secure httpOnly cookies so they can’t be accessed by the browser.
IMO JWTs are okay for what I refer to as “loose” authentication (when you quickly want to hide some nonsensitive data behind a login using a service such as Auth0 but you're not necessarily exposing sensitive data).
Always, when exposing potentially sensitive data, use sessions with secure httpOnly cookies.
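Added example, not part of the comment above or of any project it mentions: a minimal Node.js sketch of the server-side session pattern the comment recommends, where the cookie holds only an opaque ID and is marked `HttpOnly` and `Secure`. The cookie name `sid`, the 30-minute lifetime, `SameSite=Lax` and the in-memory store are assumptions chosen for illustration.

```javascript
// Added example: opaque server-side session carried in a Secure, HttpOnly cookie.
const { randomBytes } = require('node:crypto');

// sessionId -> { user, expires }. In-memory for the demo (assumption);
// a real deployment would use a shared store.
const sessions = new Map();
const TTL_MS = 30 * 60 * 1000; // assumed 30-minute lifetime

// Create a session and return the Set-Cookie header value for it.
function login(user, now = Date.now()) {
  const id = randomBytes(32).toString('hex'); // opaque ID, carries no claims
  sessions.set(id, { user, expires: now + TTL_MS });
  // HttpOnly: not readable from page script. Secure: sent over HTTPS only.
  return `sid=${id}; Path=/; Max-Age=${TTL_MS / 1000}; HttpOnly; Secure; SameSite=Lax`;
}

// Pull the sid value out of a request's Cookie header.
function parseSid(cookieHeader = '') {
  for (const part of cookieHeader.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') return rest.join('=');
  }
  return null;
}

// Resolve a request to a user, or null if the session is missing,
// unknown, or expired. Expired entries are dropped on sight.
function authenticate(cookieHeader, now = Date.now()) {
  const id = parseSid(cookieHeader);
  const session = id && sessions.get(id);
  if (!session) return null;
  if (session.expires <= now) {
    sessions.delete(id);
    return null;
  }
  return session.user;
}

// Logout removes the server-side record, so the cookie value stops working.
function logout(cookieHeader) {
  const id = parseSid(cookieHeader);
  return id ? sessions.delete(id) : false;
}
```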
Cofounded Host Collective (DiscountASP.net). Cofounded Player Axis (Social Gaming). Computer Scientist and Technology Evangelist with 20+ years of experience with JavaScript!
Static site with API backend is not a use case for using JWT.
It is also not NOT a use case.
I like JWT when you have multiple distributed systems that need to share a single authentication that a single system doesn't have the authority to maintain itself.
Authentication as a Service.