Open toraritte opened 6 years ago
https://stackoverflow.com/questions/37582444/jwt-vs-cookies-for-token-based-authentication This entire thread is pretty good, but add on the to-do list to read the RFCs for Cookies and Bearer Tokens:
Bearer Tokens: https://tools.ietf.org/html/rfc6750
Cookies: https://tools.ietf.org/html/rfc6265
This Stackoverflow thread is also nice info on cookies. Mentions an interesting paper: A Secure Cookie Protocol.
https://jwt.io/introduction/
The above describes authorization use cases (and this is already fixed on jwt.io site's repo, but the page hasn't caught up yet).