Swap out jsonwebtoken for iron module?

[nelsonic]

in #25 @poeticninja mentioned switching from jsonwebtoken to _iron_ for the JSON token encryption.

While we _love_ the work @hueniverse & Co. are doing with iron (and _trust_ him on security matters), we like the fact jwt has a Spec which means if people want to use multiple backends (e.g. Node/Scala/Go/Erlang) there are already modules they can use to sign/decode JWTs ... also the fact that Auth0 are invested in maintaining the node-jsonwebtoken module gives us (some) assurance that our backs are covered...

We are torn. 😕

@evilpacket what are the fine folks @liftsecurity recommending for people building Hapi Apps/APIs who can't (or don't want to) use a 3rd Party/SASS Authentication Service?

discuss (thanks!)

[poeticninja]

@nelsonic Sorry. You miss understood me in the issue (#25). For this plugin I would be using jsonwebtoken. I was just trying to point out how they use iron and this plugin uses jsonwebtoken and that should be the main difference.

The reason why people are going to want to use this plugin in Hapi is because they want jsonwebtokens in there application.

Sorry for the confusion.

[nelsonic]

Gotcha! 👍

[poeticninja]

😄

[nelsonic]

Cool. Glad we're on the same page. Closing this. 👍