On Wed, 6 May 2020 at 16:40, Robert Samuel Newson <[email protected]> wrote:
>
> Make an issue (https://github.com/apache/couchdb/issues)
>
> At first blush, I don't see why not, though I thought there was value in
> Authorization: Bearer <token> from _not_ being a cookie. I guess those
> benefits are not coupled with the token itself though.

I think the reasoning was that cookies can be long-lived, and can persist in different places, and for JWTs that's generally undesirable. The Authorization: header is explicitly set by code, and shouldn't be persisted.

-- damjan
