30 Matching Annotations
- Dec 2023
-
www.pluralsight.com
-
Here is a simple diagram of the process:
-
- Aug 2023
-
www.alex-stewart.dev
- May 2023
-
ucan.xyz
- Dec 2022
-
www.form3.tech
-
twitter.com
-
Almost nobody uses JWT correctly
-
www.zhihu.com
-
JWT versus token + Redis: which approach works better?
-
segmentfault.com
-
coolaj86.com
-
- Nov 2022
-
www.rfc-editor.org
-
This document defines how a JWT Bearer Token can be used to request an access token when a client wishes to utilize an existing trust relationship, expressed through the semantics of the JWT, without a direct user-approval step at the authorization server.
[transfer of trust/credentials]
-
- Jun 2021
-
pragmaticstudio.com
-
Note: Instead of storing a user’s ID in the session cookie you could store a JWT, but I’m not sure what that buys you. However, you may be using specific JWT claims that make this worthwhile.
-
- Feb 2020
-
developer.okta.com
-
if you’re using user federation (things like single sign-on and OpenID Connect), JWTs become important because you need a way to validate a user’s identity via a third party.
-
If you’re building API services that need to support server-to-server or client-to-server (like a mobile app or single page app (SPA)) communication, using JWTs as your API tokens is a very smart idea.
-
If your website is popular and has many users, cache your sessions in a backend like memcached or redis, and you can easily scale your service with very little hassle.
-
in most web authentication cases, the JWT data is stored in a session cookie anyways, meaning that there are now two levels of signing. One on the cookie itself, and one on the JWT.
-
Almost every web framework loads the user on every incoming request. This includes frameworks like Django, Rails, Express.js (if you’re using an authentication library), etc. This means that even for sites that are primarily stateless, the web framework you’re using is still loading the user object regardless.
-
since JWTs are larger (in bytes) and also require CPU to compute cryptographic signatures, they’re actually significantly slower than traditional sessions when used in this manner.
-
This means that on most websites, the stateless benefits of a JWT are not being taken advantage of.
-
- Oct 2017
-
-
http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication
Try to turn on token-based authentication on DRF (http://www.django-rest-framework.org/api-guide/authentication/#tokenauthentication) and then follow the usual install of DRF-JWT, then added djoser and it works right out of the box with no modifications to the code.
-
- Dec 2016
-
meta.discourse.org
-
getblimp.github.io
-
Sometimes you may want to manually generate a token, for example to return a token to the user immediately after account creation. You can do this as follows:
-
- Oct 2015
-
thinkster.io
-
A useful intro to the angular-jwt service that we use in H for auth.
-
- May 2015
-
auth0.com
-
The good thing about JWTs is that they can contain any data structure:
-