If someone nefarious steals your <secret something> then yes you have problems, ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		davedx on May 27, 2024 \| parent \| context \| favorite \| on: Should I use JWTs for authentication tokens? If someone nefarious steals your <secret something> then yes you have problems, this isn’t anything unique to JWTs

ummonk on May 27, 2024 [–]

It makes a pretty big difference whether you have to send the secret down the wire to prove you possess it (e.g. a JWT, unlike say a private key).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact