This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far, it hasn't been accepted and needs further discussion.
The we need to decide the format of access tokens.
- Opaque access tokens
- Use JWT access tokens
Chosen option: Use JWT access tokens
- We already use JWTs in our own session access tokens
- Seems to be the industry standard
- Enables offline verification (but online/calling the core is still an option)