JWTs (JSON Web Tokens) have become the go-to solution for handling authentication and authorization, but they were never meant to do both. In this video, I explain why using JWTs for authorization can be a serious mistake, especially in modern, distributed backend systems.
Chapters:
[0:36] What a JWT really is (and what it's not)
[1:22] The New Enemy Problem
[2:28] Why scope claims are vague and dangerous
[3:27] The impossible task of predicting downstream permissions
[4:09] Why centralized authorization is a better alternative
Learn more about SpiceDB. It's Open Source!
https://github.com/authzed/spicedb