Quantcast

lasso-jwt now on git hub

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

lasso-jwt now on git hub

Alex Betz-3
I have now finish a little lasso 9 JWT library including a custom-type  to
read and validate heders containing the JWT. You can find it on:

*https://github.com/agbetz64/lasso_jwt/
<https://github.com/agbetz64/lasso_jwt/>*

 I put it under a MIT licence, but I am happy to change it to any other
open source licence if people feel strongly about it. Many thanks to Jolle
for his input and improvements.

Best
Alex

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: lasso-jwt now on git hub

Bil Corry-3
Be sure to read through this to avoid pitfalls with JWT:

https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid


- Bil


On Fri, Apr 28, 2017 at 10:49 AM, Alex Betz <[hidden email]> wrote:

> I have now finish a little lasso 9 JWT library including a custom-type  to
> read and validate heders containing the JWT. You can find it on:
>
> *https://github.com/agbetz64/lasso_jwt/
> <https://github.com/agbetz64/lasso_jwt/>*
>
>  I put it under a MIT licence, but I am happy to change it to any other
> open source licence if people feel strongly about it. Many thanks to Jolle
> for his input and improvements.
>
> Best
> Alex
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: lasso-jwt now on git hub

Alex Betz-3
it is not the JWTs that are the problem it is how people use them that is!
In most cases I would certainly stick with session and cookies. But just to
hand over a signed token they are pretty good and pretty safe.
All the appropriate checking should be done on the server. I have given
only a couple of ideas how that can be achieved. The best lock in the world
will not protect you from burglars if you leave the door open ;-)


Thanks
Alex

On 28 April 2017 at 19:04, Bil Corry <[hidden email]> wrote:

> Be sure to read through this to avoid pitfalls with JWT:
>
> https://paragonie.com/blog/2017/03/jwt-json-web-tokens-
> is-bad-standard-that-everyone-should-avoid
>
>
> - Bil
>
>
> On Fri, Apr 28, 2017 at 10:49 AM, Alex Betz <[hidden email]> wrote:
>
> > I have now finish a little lasso 9 JWT library including a custom-type
> to
> > read and validate heders containing the JWT. You can find it on:
> >
> > *https://github.com/agbetz64/lasso_jwt/
> > <https://github.com/agbetz64/lasso_jwt/>*
> >
> >  I put it under a MIT licence, but I am happy to change it to any other
> > open source licence if people feel strongly about it. Many thanks to
> Jolle
> > for his input and improvements.
> >
> > Best
> > Alex
> >
> > #############################################################
> >
> > This message is sent to you because you are subscribed to
> >   the mailing list Lasso [hidden email]
> > Official list archives available at http://www.lassotalk.com
> > To unsubscribe, E-mail to: <[hidden email]>
> > Send administrative queries to  <[hidden email]>
> >
>
> #############################################################
>
> This message is sent to you because you are subscribed to
>   the mailing list Lasso [hidden email]
> Official list archives available at http://www.lassotalk.com
> To unsubscribe, E-mail to: <[hidden email]>
> Send administrative queries to  <[hidden email]>
>

#############################################################

This message is sent to you because you are subscribed to
  the mailing list Lasso [hidden email]
Official list archives available at http://www.lassotalk.com
To unsubscribe, E-mail to: <[hidden email]>
Send administrative queries to  <[hidden email]>
Loading...