- On the Security of JWT
- https://datatracker.ietf.org/doc/html/draft-ietf-oauth-jwt-bcp-07
- https://curity.io/resources/learn/jwt-best-practices/
- http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
- http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/
- https://evertpot.com/jwt-is-a-bad-default/
- Why JWTs Are Bad for Authentication – Randall Degges (Head of Dev Relations, Okta)
2022-04-05