Show HN: HWT (Hash Web Tokens) – minimalist protocol for auth state
jimmont.com

My frustration solving auth with JWTs led to reinventing the wheel for more predictable token integrity and transparency, while improving flexibility. The mix of features separates concerns more cleanly than what's been available, allowing higher throughput, custom codecs, delegation to both services and domains while easing key rotation and other practicalities.
The design is focused on the token as state guarantee, not creation, revocation and the range of other separate concerns and application responsibilities. The spec conventions attempt to ease development with jurisdiction/data sovereignty and authorization in the authz field. It also enables and eases delegation between services and domains without centralized service exposure. The implementation is standalone and has demos for Deno, Cloudflare, etc. in https://github.com/hwt-protocol
Feedback and critique of the security logic and approach appreciated.