mollersuite / monofile

File sharing over the Discord CDN
https://fyle.uk
The Unlicense
18 stars 3 forks

Switch to JWTs #54

Closed nbitzz closed 1 month ago

nbitzz commented 3 months ago

We. don't use jwts. and we probably should

nbitzz commented 2 months ago

Should we consider this for the "like really fucking easy" label?

Jack5079 commented 2 months ago

What the fuck since when did we have that

nbitzz commented 2 months ago

> What the fuck since when did we have that

Since like 30 minutes ago

nbitzz commented 1 month ago

@Jack5079 is it even worth it to use JWTs?

We need to store the signing key... somewhere, and we still need to store all of the data in the JWT on the server if we want to do session management.

The only benefit I can think of: not needing to make an extra request to some new endpoint to check your token's scopes. Worth it? Probably

Jack5079 commented 1 month ago

I have no fucking idea

nbitzz commented 1 month ago

How much data do we even store in the JWT? We probably don't want to make it a Fat Fuck, but I don't know. Just accountID, token type and scopes?

nbitzz commented 1 month ago

Solved in #70
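
The trade-off raised in this thread, as an added example that is not monofile's code and not taken from #70: an HS256 token carrying `accountID`, `type` and `scopes`, so scopes are read from the verified token, with a server-side session table still needed for revocation. The function names, the scope strings, the in-memory `Map`, and the extra `jti` and `exp` claims are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");
// Assumption: one HS256 secret held only by the server (constructed here; load it from config in practice).
const SIGNING_KEY = crypto.randomBytes(32);
const sessions = new Map(); // server-side session table keyed by token id (jti)

const b64u = (x) => Buffer.from(x).toString("base64url");
const sign = (data) => crypto.createHmac("sha256", SIGNING_KEY).update(data).digest();

// Mint a token with the three fields floated in the thread, plus jti and exp.
function issueToken(accountID, type, scopes, ttlSeconds = 3600) {
  const jti = crypto.randomUUID();
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  const header = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const payload = b64u(JSON.stringify({ accountID, type, scopes, jti, exp }));
  sessions.set(jti, { accountID, exp });
  return `${header}.${payload}.${b64u(sign(`${header}.${payload}`))}`;
}

// Returns the claims, or null if the token is malformed, forged, expired or revoked.
function verifyToken(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [header, payload, sig] = parts;
  const expected = sign(`${header}.${payload}`);
  const given = Buffer.from(sig, "base64url");
  // Constant-time compare; lengths must match first or timingSafeEqual throws.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  let head, claims;
  try {
    head = JSON.parse(Buffer.from(header, "base64url"));
    claims = JSON.parse(Buffer.from(payload, "base64url"));
  } catch { return null; }
  // Pin the algorithm: reject any token whose header claims something other than HS256.
  if (head.alg !== "HS256") return null;
  if (typeof claims.exp !== "number" || claims.exp <= Date.now() / 1000) return null;
  if (!sessions.has(claims.jti)) return null; // revoked or unknown session
  return claims;
}

// Scope check straight from the verified claims, with no extra lookup endpoint.
function hasScope(token, scope) {
  const claims = verifyToken(token);
  return claims !== null && Array.isArray(claims.scopes) && claims.scopes.includes(scope);
}

// Deleting the session entry invalidates the token before its exp is reached.
function revoke(token) {
  const claims = verifyToken(token);
  return claims !== null && sessions.delete(claims.jti);
}
```

The signature alone cannot invalidate a token early, which is why the `sessions` lookup stays in `verifyToken` even though the scopes travel inside the token.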