I disagree. Just because a subpar implementation is "winning" thanks to cargo-cult developers doesn't mean it's time to put up with mediocrity, especially in a security context where a failure can be disastrous.
If you have a business case for JWTs, fine, take on the extra complexity and implement JWTs properly.
If you don't (and as the author points out, the majority of implementations don't need them), push back and do it properly using a simpler system, rather than implement the complexity just to then abstract it away.