You are able to talk around the topic in circles while missing the whole point. You are advocating people not to use local storage and JWT tokens based on nothing credible or nothing concrete. You are misleading a lot of people with your story.
There are perfectly legitimate use cases for JWT and local storage. They are very useful tools.
There are no spec issues with JWT and you can use JWT without encryption.
XSS is not an issue with local storage.
Please stop the FUD.
You do not have to explain anything. If what you say is credible and has any merit, people will make up their mind.
What you are saying is directly contrary to what is outlined in those links I supplied.
I'd love to have a more in-depth convo at some point. If you're interested in continuing the conversation please hit me up: firstname.lastname@example.org. I'd be happy to talk about spec issues in more depth, or issues with architecture as outlined above.
Really open to whatever! It's a complex topic, and fun to look at.
Looking back, this sure seems more like a hit piece from a shill than a legit criticism of JWTs.