None, if you don't need federated authentication.
OAuth will give fine-grained access to information on behalf of its owners. JWT is an auth technique that allows you to avoid having a shared source of truth for session information and only requires the private key to be on every machine. It's easier to scale and more fault tolerant, but you lose control over your sessions: you can't log out users immediately, which is necessary in some types of applications. If I lose my phone and it's unlocked, I want to get onto another computer, log into online banking and close all sessions immediately to avoid someone who found my phone getting access to my bank account. This is almost impossible with JWTs.