Or just our approach to it?
Why does this subject, so fundamental, seem so hard?
- The internet, including DEV, is full of articles on security, JWT, cookies-good, cookies-bad etc.
- Some services (e.g. Azure Active Directory) seem to handle it all for you - but do they really? And when can you actually use this approach?
- Pretty much any article on the subject will come with a stream of comment and debate attached - doubt is sown...
What's a professional, let alone a beginner, to do?