paolo-rossi / delphi-jose-jwt

Delphi implementation of JOSE (JSON Object Signing and Encryption) and JWT (JSON Web Token)
Apache License 2.0

Security concerns of JOSE and Paseto #34

Closed TommiPrami closed 3 years ago

TommiPrami commented 4 years ago

https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid "JOSE Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid"

Apparently one should use this instead...

https://paragonie.com/blog/2018/03/paseto-platform-agnostic-security-tokens-is-secure-alternative-jose-standards-jwt-etc

just FYI

paolo-rossi commented 3 years ago

Hi @mWaltari

thank you for your suggestion!

I had already read the first article and I partially agree with the author, although several complaints he has with the JWT are in the (mis)use of some JWT features by the developers and/or poor implementation by library builders.

As for the PASETO standard, it's very interesting and I will look into it in the next weeks, but given the non-existent support for cryptography algorithms in Delphi (apart, of course, from commercial components) it will be very hard to have an implementation for Delphi. If you know some OS libraries (for Delphi) please let me know!

Ciao, Paolo.