Include alternatives / criticism of JWT?

[jnv]

Hi there! I drove by your repo to add it into my lists repository and noticed that while the topic here is general authentication, it mostly focuses on JWT "for now". Would you be interested in covering criticisms of JWT as well, e.g. its poor design and usually improper use (like session tokens)?

Some resources on this topic:

• Stop using JWT for sessions and part 2: Why your solution doesn't work
• Why JWTs Suck as Session Tokens
• No Way, JOSE! Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid (including JWT, JWE and JWS)
• https://github.com/shieldfy/API-Security-Checklist/issues/6 with more resources

And some alternatives:

• Things to Use Instead of JWT
• Branca as an Alternative to JWT?
• Paseto is a Secure Alternative to the JOSE Standards (JWT, etc.)

[gitcommitshow]

Thank you for contributing. I have added these links under Security Risks and Criticism of JWT heading.

[jnv]

Thanks! I will go ahead and close this issue.