This was great. A really fair survey of various token methods. Plus plenty of liveliness, not boring at all. Thanks, OP!
One thing that I wish was addressed more was language/library support. It gets casual references a couple of times, but for an average developer (as I consider myself) a set of robust, supported open source libraries that help me use a token is so important (not write an implementation, but use in a project that just wants to use the tokens safely).
I don't have anything but anecdata, but I feel like most software is going to be in the 'just want to use it' category, rather than the 'need to implement it'.
This is where the standards like OAuth and JWT win right now. That doesn't mean they always will, but in my experience, that's the current situation.
One thing that I wish was addressed more was language/library support. It gets casual references a couple of times, but for an average developer (as I consider myself) a set of robust, supported open source libraries that help me use a token is so important (not write an implementation, but use in a project that just wants to use the tokens safely).
I don't have anything but anecdata, but I feel like most software is going to be in the 'just want to use it' category, rather than the 'need to implement it'.
This is where the standards like OAuth and JWT win right now. That doesn't mean they always will, but in my experience, that's the current situation.