Discussion about this post

jpda's avatar

Neat approach, but allowing services to mint tokens for others seems weird. Multi-audience tokens are discouraged and break certain scenarios. What if service B uses encrypted tokens? Does it now need to share its private key with service A? Token exchanges exist to allow service A to get a token for service B from a token service without having to have multiple audiences and following any configuration for service B.

Ideas's avatar

Wow, this is a beautifully crafted piece. I'm truly grateful for the opportunity to read it. I’d love to explore the ideas on how this authentication system could be adapted for other websites and regions, especially to enhance centralized human experiences globally. Thank you for sharing this!

