-
We need to document the authentication flow for everyone to understand how our auth works, because we are using "new" (/rare - sadly) technologies: JWT, CSRF Tokens, HTTP Secure Cookies etc.
-
I really like this approach for stateless captcha, and it definitely has its use cases where you only want to prevent automatic and unintelligent spam.
After solving a captcha once, a user can simply…
-
Currently, when jwt is used for authentication, the verification will pass when jwt is valid or not provided. This requirement does not apply in some scenarios:
1. During the process of adding auth…
-
Low priority(?)
Refresh Tokens are currently not part of the system. This means that when the jwt tokens expire the user will have to log in again. This is slightly inconvenient but not really a bi…
-
Hello,
Can I get the tokens which are created by JWT-Auth? I have tried looking on Google but had no luck.
Thanks
-
Use cases:
* Tokens may be revoked at the authorization server; they should be considered invalid even if they are not expired.
* "Use-once" tokens may be valid for several days; but they should be …
-
## Expected Behavior
I am following the [example](https://docs.github.com/en/developers/apps/guides/using-the-github-api-in-your-app) of using GitHub APIs in a GitHub app. This page links to [anot…
-
Authorise the backend to use JWT tokens and force all connections coming in to use this
-
Error: JWT is malformed, when hitting the /refresh-token endpoint.
To resolve this, change the code like this:
const { accessToken, refreshToken } = await generateAccessAndRefereshTokens(user._i…
-
The underlying problem is that if someone's web2 JWT is on another chain, somebody can steal it and then put it on this chain, which will verify it, as it doesn't check the 'aud' claim.
There are …