It is a great idea, but like most implementations using cryptography in new applications with novel concepts (like cryptocurrencies), it’s half assed, and people are so eager to release and use it that they forego any simulation, testing and staging of their design; so we only get to find about any shortcomings, inefficiencies, or even design mistakes, once said tech has become big and popular (and consequently, a pain to fix and patch).
JWT sounds great on paper until you have to deal with logout and revocations. Might as well use standard session cookies.
It is a great idea, but like most implementations using cryptography in new applications with novel concepts (like cryptocurrencies), it’s half assed, and people are so eager to release and use it that they forego any simulation, testing and staging of their design; so we only get to find about any shortcomings, inefficiencies, or even design mistakes, once said tech has become big and popular (and consequently, a pain to fix and patch).