Switch to JWTs

Question

Switch to JWTs

Closed this issue 7 months ago · 7 comments

nbitzz commented 10 months ago

We. don't use jwts. and we probably should

Answer 1 · 2024-04-29T19:35:32.000Z

Should we consider this for the "like really fucking easy" label

Answer 2 · 2024-04-29T19:36:38.000Z

What the fuck since when did we have that

Answer 3 · 2024-04-29T20:00:20.000Z

What the fuck since when did we have that

Since like 30 minutes ago

Answer 4 · 2024-05-03T18:10:10.000Z

@Jack5079 is it even worth it to use JWTs?

We need to store the signing key... somewhere, and we still need to store all of the data in the JWT on the server if we want to do session management.

The only benefit I can think of: not needing to make an extra request to some new endpoint to check your token's scopes. Worth it? Probably

Answer 5 · 2024-05-03T18:11:03.000Z

I have no fucking idea

Answer 6 · 2024-05-03T18:11:53.000Z

How much data do we even store in the JWT? We probably don't want to make it a Fat Fuck but I don't know
Just accountID, token type and scopes?

Answer 7 · 2024-05-25T05:11:34.000Z

Solved in #70