foundersandcoders / oauth-workshop


step 6 is misleading #3

Closed jsms90 closed 7 years ago

jsms90 commented 7 years ago

As @des-des pointed out, JWTs aren't used for encryption.

So my earlier objections to steps 5-6 of the old workshop don't really apply.

Apparently, putting the access token directly into the cookie is fine (at least, now that we have step 2 and students are on an HTTPS connection: http://sitr.us/2011/08/26/cookies-are-bad-for-you.html).
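The point made in the comment above, as an added example that is not part of the original thread or the workshop's code: a signed JWT (HS256 here) gives integrity, not confidentiality, so an access token placed in its payload can be read without the secret. The secret, the token value and all helper names are constructed for illustration.

```javascript
// Added example: every value below is constructed; this is not the workshop's code.
const nodeCrypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');

// Build an HS256 JWT: base64url(header).base64url(payload).signature
function signJwt(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = nodeCrypto.createHmac('sha256', secret)
    .update(`${header}.${body}`).digest('base64url');
  return `${header}.${body}.${sig}`;
}

// No secret needed: the payload is only base64url-encoded, not encrypted.
function readPayloadWithoutKey(token) {
  const body = token.split('.')[1];
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}

// What the signature does provide: detection of any change to header or payload.
function verifyJwt(token, secret) {
  const [header, body, sig] = token.split('.');
  if (!header || !body || !sig) return false;
  const expected = nodeCrypto.createHmac('sha256', secret)
    .update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  return given.length === expected.length &&
    nodeCrypto.timingSafeEqual(given, expected);
}

// Swap the payload while keeping the old signature (used to show verification fails).
function tamper(token, newPayload) {
  const [header, , sig] = token.split('.');
  return `${header}.${b64url(JSON.stringify(newPayload))}.${sig}`;
}

// Set-Cookie value for either form of the token. Secure keeps it off plain HTTP,
// HttpOnly keeps it away from page scripts.
function sessionCookie(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

const SECRET = 'constructed-demo-secret';
const ACCESS_TOKEN = 'constructed-access-token-123';
const jwt = signJwt({ accessToken: ACCESS_TOKEN }, SECRET);

console.log('read without secret:', readPayloadWithoutKey(jwt));
console.log('untampered verifies:', verifyJwt(jwt, SECRET));
console.log('tampered verifies:', verifyJwt(tamper(jwt, { accessToken: 'other' }), SECRET));
console.log('cookie:', sessionCookie('access_token', ACCESS_TOKEN));
```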

jsms90 commented 7 years ago

forgot to reference this issue in commit https://github.com/foundersandcoders/oauth-workshop/commit/547ec7a940412ce09ba44dff28776b04b30807d7