Hacker News new | past | comments | ask | show | jobs | submit login

It feels like malpractice to use json in encryption



Sadly JWT and friends are "standard". In theory the representation and the data are independent and you can marshal and unmarshal correctly.

In practice, "alg:none" is a headache and everyone involved should be ashamed.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: