JWT

[richburdon]

I ended up implementing the custom JWT token.

• works for Google or Facebook login (future proofing).
• didn't want to do this research again.
• we shouldn't be storing the id_token anyway (which one? each client may have a different token!)

So now:

• 24hour timeout
• refresh_id_token working (via JSONP)

Next:

• auto-refresh: Web + CRX

[adamberenzweig]

CRX is broken for me -- getting a 401 from /user/register.

I can see it's sending the JWT header. I'll debug more after lunch. Actually I'll head over to your place then.

On Wed, Mar 29, 2017 at 2:37 PM, Rich Burdon notifications@github.com wrote:

Closed #86 https://github.com/minderlabs/demo/pull/86.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/minderlabs/demo/pull/86#event-1020985381, or mute the thread https://github.com/notifications/unsubscribe-auth/AAWAUU-lAeE0AansQZED-jcTwDBgs6p8ks5rqqTsgaJpZM4MsYLg .

[adamberenzweig]

It's sending the Google id_token in the JWT header, but the server is expecting our own token now.

On Thu, Mar 30, 2017 at 12:36 PM, Adam Berenzweig adam@minderlabs.com wrote:

CRX is broken for me -- getting a 401 from /user/register.

I can see it's sending the JWT header. I'll debug more after lunch. Actually I'll head over to your place then.

On Wed, Mar 29, 2017 at 2:37 PM, Rich Burdon notifications@github.com wrote:

Closed #86 https://github.com/minderlabs/demo/pull/86.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/minderlabs/demo/pull/86#event-1020985381, or mute the thread https://github.com/notifications/unsubscribe-auth/AAWAUU-lAeE0AansQZED-jcTwDBgs6p8ks5rqqTsgaJpZM4MsYLg .