Open wolfgangwalther opened 1 week ago
It seems that after the change to jose-jwt in 465170c7d6c51dace3faf68fbb4040353d5571c0, we don't require a minimum of 32 characters for jwt-secret anymore.
jose-jwt
jwt-secret
The question is: Should we keep it like that or re-implement that limit ourselves? If we re-implement it, we can surely do https://github.com/PostgREST/postgrest/issues/1840#issuecomment-1034857931.
I tend to say the limit is useful and we should implement it again with a proper error message.
It seems that after the change to
jose-jwt
in 465170c7d6c51dace3faf68fbb4040353d5571c0, we don't require a minimum of 32 characters forjwt-secret
anymore.The question is: Should we keep it like that or re-implement that limit ourselves? If we re-implement it, we can surely do https://github.com/PostgREST/postgrest/issues/1840#issuecomment-1034857931.
I tend to say the limit is useful and we should implement it again with a proper error message.