JWT is neat, in every meaning of the word. Sure, the base64-encoded data is basically plaintext. But a secure signature makes it All All Right. 🙂 Simple and elegant.
I used my OAuth code from twitter to do the encoding and encrypting. As per the usual, it’s in my Reusable project on github.
I used the most-readily-available encryption algorithm. Looking forward to setting up better faster harder ones soon.