This repository has been archived by the owner on Feb 24, 2021. It is now read-only.

Enable expiration of JWT token #55

Merged (1 commit) on Apr 23, 2018


heysailor
Contributor

Helps fix #52

JWT tokens produced by ooth are not spec compliant - see https://jwt.io/. They contain the user profile data. As the profile becomes large in size, the JWT tokens also enlarge, making them unsuitable for sessionless authentication in which tokens are exchanged with every request.

This pull request is aimed at allowing use of ooth to make a sessionless authentication service, such as used in mobile apps which do not use cookies.
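
The following is an added example, not code from this pull request or from ooth. It illustrates the two points the description raises: a token that carries only a subject id stays small, and a verifier that enforces `exp` rejects a token once its lifetime has passed. The HS256 choice, the secret, the function names and the sample user object are all assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const mac = (secret, input) => crypto.createHmac('sha256', secret).update(input).digest();

// Sign a compact HS256 JWT; iat/exp are derived from `now` (seconds since epoch).
function signToken(claims, secret, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ ...claims, iat: now, exp: now + ttlSeconds }));
  return `${header}.${payload}.${b64url(mac(secret, `${header}.${payload}`))}`;
}

// Check the MAC first, then the pinned algorithm, then the expiry. Returns claims or throws.
function verifyToken(token, secret, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [header, payload, sig] = parts;
  const expected = mac(secret, `${header}.${payload}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  const alg = JSON.parse(Buffer.from(header, 'base64url').toString()).alg;
  if (alg !== 'HS256') throw new Error('unexpected alg');
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  // A token without exp never expires, so treat its absence as a failure.
  if (typeof claims.exp !== 'number') throw new Error('missing exp');
  if (now >= claims.exp) throw new Error('token expired');
  return claims;
}

// Constructed sample data (hypothetical user record, fixed clock for repeatability).
const SECRET = 'constructed-demo-secret';
const sampleUser = { _id: 'u123', local: { email: 'a@example.com', bio: 'x'.repeat(2000) } };
const T0 = 1700000000;

const fatToken = signToken({ user: sampleUser }, SECRET, 3600, T0); // whole profile embedded
const slimToken = signToken({ sub: sampleUser._id }, SECRET, 3600, T0); // id only

function demo() {
  let expiredError = null;
  try { verifyToken(slimToken, SECRET, T0 + 3600); } catch (e) { expiredError = e.message; }
  const sub = verifyToken(slimToken, SECRET, T0 + 10).sub;
  return { sub, expiredError, fatLength: fatToken.length, slimLength: slimToken.length };
}

console.log(demo());
```
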

@nickredmark
Owner

Hey @heysailor thanks a lot!

@nickredmark nickredmark merged commit a0e0bcb into nickredmark:master Apr 23, 2018
Successfully merging this pull request may close these issues.

Refining JWT use: removing non-expiry vulnerability, enabling sessionless authentication, size considerations