Skip to content

Need a better jwt mechanism to encrypt the content. #106

New issue
New issue
Open
Open
Need a better jwt mechanism to encrypt the content.#106
Labels
Reviewcode reviewgood first issueGood for newcomers
@chhsiao1981

Description

@chhsiao1981
chhsiao1981
opened on Jan 19, 2021

Provide the github link(s) of the file#line (請提供 github 關於 code 的 link)

https://github.com/Ptt-official-app/go-pttbbs/blob/main/api/auth_utils.go#L53

What would you like to discuss (你想要討論什麼呢?~)

Currently we are using jwt implemented by square.
https://github.com/Ptt-official-app/go-pttbbs/blob/main/go.mod#L16

However, currently the settings is only for verification.
The content of the access-token is not encrypted and can be viewed in https://jwt.io
This is not good in production.

We would like to have a better setting of jwt-token
to encrypt the content in the token as well.

It's with high probability that it's doable by just changing the setting of the square library.

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    Reviewcode reviewgood first issueGood for newcomers

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions