JSON Web Tokens (JWTs) are a commonly used method for representing claims securely between two parties. But security experts advise developers not to use them. In this talk, I will introduce and explain the security implications of JWTs, and then present and compare three alternatives.