JWT (JSON Web Tokens) is a Bad Standard That Everyone Should Avoid
https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid [paragonie.com]
2017-03-14 18:45
Yes, we did a free audit for a JWT library in 2015, but do you know what happened since?
1. That library added a None signer, which reintroduces the risk of one of the critical authentication bypass bugs mentioned above.
2. The None signer was made the default option.
Plus some other reasons to be wary.
source: L