Security is one of those things you shouldn’t play around with yourself, unless you know what you’re doing. This is the reason products such as Identity Server have gained such momentum and popularity. However, Identity Server is extremely difficult to configure correctly, and OIDC is also arguably a "hack" on top of OAuth2. JWT, on the other hand, is dead simple to understand, and was created explicitly to authenticate and authorise users, unlike OAuth, which was originally created for an entirely different purpose. Hence, JWT is just as secure as OpenID Connect, only a gazillion times easier to understand and implement.

In the following video I demonstrate how to create your own JWT server using Magic in 1 second. Notice, Magic is a commercial product, and you need to pay a small fee to use it in a production environment – but compared to the number of hours you’d have to spend rolling your own Enterprise Single Sign On solution using JWT, I’m confident that the license costs are small in comparison.

Source of the article on DZONE