-
We need to document the authentication flow for everyone to understand how our auth works, because we are using "new" (/rare - sadly) technologies: JWT, CSRF Tokens, Http Secure Cookies etc.
-
Hi all,
I'd like to add support for the jti claim to the package. The idea basically would be to store a list of expired jti's somewhere on the server side, and allow blacklisting specific tokens.
T…
-
## Support Biscuit as an access token format
### Problem
Biscuit is another form of signed tokens. Major benefit ([per HN](https://news.ycombinator.com/item?id=38635617)) is that it allows for a…
-
Error: JWT is malformed, when hitting the /refresh-token endpoint.
To resolve this, change the code like this.
const { accessToken, refreshToken } = await generateAccessAndRefereshTokens(user._i…
-
Hi everyone. I am using api-platform with lexik jwt for tokens. I know that this bundle will generate a refresh token when using login_check. But how to use it with the custom endpoint (or api platfor…
-
# Question : Write a TypeScript program to implement a basic authentication system using JWT (JSON Web Tokens).
Path to create the file : `9dPhRb/MHheUm.ts`
To assign yourself for this issue use `!…
-
The auth service and services that consume JWT tokens must share a secret.
The auth daemon has a `-secret` command line flag that is used in dev/testing.
Add support to the auth daemon to use H…
-
We need to have the possibility to create service tokens (used for synchronisation from MXCuBE for instance). These could be using the same JWT token system as user tokens but with a longer expirat…
-
The underlying problem is that if someone's web2 JWT is on another chain, somebody can steal it and then put it on this chain, which will verify it, as it doesn't check the 'aud' claim.
There are …
-
Low priority(?)
Refresh Tokens are currently not part of the system. This means that when the JWT tokens expire, the user will have to log in again. This is slightly inconvenient but not really a bi…