Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need a better jwt mechanism to encrypt the content. #106

Open
chhsiao1981 opened this issue Jan 19, 2021 · 0 comments
Open

Need a better jwt mechanism to encrypt the content. #106

chhsiao1981 opened this issue Jan 19, 2021 · 0 comments
Labels
good first issue Good for newcomers Review code review

Comments

@chhsiao1981
Copy link
Collaborator

chhsiao1981 commented Jan 19, 2021
edited
Loading

Provide the github link(s) of the file#line (請提供 github 關於 code 的 link)

https://github.com/Ptt-official-app/go-pttbbs/blob/main/api/auth_utils.go#L53

What would you like to discuss (你想要討論什麼呢?~)

Currently we are using jwt implemented by square.
https://github.com/Ptt-official-app/go-pttbbs/blob/main/go.mod#L16

However, currently the settings is only for verification.
The content of the access-token is not encrypted and can be viewed in https://jwt.io
This is not good in production.

We would like to have a better setting of jwt-token
to encrypt the content in the token as well.

It's with high probability that it's doable by just changing the setting of the square library.
@chhsiao1981 chhsiao1981 added good first issue Good for newcomers Review code review labels Jan 19, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers Review code review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@chhsiao1981