JWT should not be used #330

Closed
JimDabell opened this issue May 27, 2020 · 1 comment

@JimDabell

Migrate to more modern paradigms such as using oauth2 and JWT for token acquisition.

The problems with JWT are well documented. Paseto is a replacement for JWT without these problems.

@jwag956
Member

jwag956 commented May 27, 2020

Thanks for the links. I completely agree that JWT shouldn't be used for browser-based applications. I have added to the Flask-Security documentation some notes about that - sessions are easier, more secure, etc.
The idea for JWT was to replace the tokens used for communicating application to application (such as in a micro-service or scripting environment), where JWTs can have all the authn and authz information embedded in them so that no DB calls are needed, which can be a nice performance and ease-of-administration win.

I will look more into Paseto - hadn't seen that before.
