I would like to add that you probably need JWT only in one particular case: when the server or service that authenticates you (i.e. that verifies your identity, where you put your username/password) is DIFFERENT from the server that has to authorize you to take certain actions (e.g. publish a new post).
Typically it's OAuth scenarios, where the user uses the credentials of one system (say an enterprise Active Directory) to perform actions on a second system (a custom app hosted on a different server and domain), where you may want to use JWTs.
In most small/medium apps the server that logs you in is the same that will publish your post (think a standard Laravel app), and in this case the classic ID cookie is the best choice. Simplest and safest.
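Added example, not part of the comment above and not code from any project it mentions: a Python sketch of the split the comment describes, with a hypothetical `AuthServer` that logs users in and a separate `AppServer` that authorizes actions. It assumes HS256 with a key provisioned to both services; the opaque session ID can only be resolved where the session table lives, while the signed token can be checked by the second service on its own.

```python
import base64, hashlib, hmac, json, secrets, time

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class AuthServer:
    """Hypothetical login service (credential check omitted); issues both kinds of credential."""
    def __init__(self, jwt_key: bytes):
        self.jwt_key = jwt_key
        self.sessions = {}  # session id -> user; exists only on this server

    def login_cookie(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)  # opaque random ID, meaningless elsewhere
        self.sessions[sid] = user
        return sid

    def login_jwt(self, user: str, ttl: int = 300) -> str:
        header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = b64u(json.dumps({"sub": user, "exp": int(time.time()) + ttl}).encode())
        sig = hmac.new(self.jwt_key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
        return f"{header}.{claims}.{b64u(sig)}"

class AppServer:
    """Hypothetical second service: holds the verification key but no session table."""
    def __init__(self, jwt_key: bytes):
        self.jwt_key = jwt_key

    def user_from_jwt(self, token: str):
        try:
            header, claims, sig = token.split(".")
            if json.loads(b64u_dec(header)).get("alg") != "HS256":
                return None  # pin the algorithm; never accept the header's own choice
            expected = hmac.new(self.jwt_key, f"{header}.{claims}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, b64u_dec(sig)):
                return None  # tampered, or signed with a different key
            body = json.loads(b64u_dec(claims))
            if body["exp"] <= time.time():
                return None  # expired
            return body["sub"]
        except (ValueError, KeyError, TypeError, AttributeError):
            return None  # malformed token
```

When login and authorization run in the same process, `AuthServer.sessions` is already at hand and the signing, expiry and algorithm checks above are extra surface with no benefit.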