Enrolling identities versus using external JWTs

I am still working my mind through the JWT chat example.

One issue I am grappling with is what to use when… so I thought to ask if anyone has any insights about how to deal with the trade off.

On one side you can keep everything private but then you need to enroll each identity on each device

However, on the other you can use an external JWT via an Identity Provider… but then it becomes the weak link if compromised.

Any tips? suggestions? insights?


The main question I am trying to answer is what is best when… as its not really clear right now.

I don’t think there’s any direct answers here but you’re spot on with this assessment. It’s really up to the implementor to decide when the convenience outweighs the risk and how much risk one wants to tolerate.