0 points
rblatz
8y ago
Correct, your token authority should specify which algorithms are valid, and your clients should self configure via a secure back channel to only accept the algorithms your token authority issues.
abritinthebay
8y ago
Exactly! JWT is a much misunderstood system it seems. Though it doesn’t exactly help itself by being quite complex.
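A sketch of the client-side check described in the thread, added here as an example and not code from either commenter: the verifier takes its accepted algorithms from an allowlist that is assumed to come from the token authority's configuration, never from the token's own header. The names `ALLOWED_ALGS`, `sign` and `verify`, the HMAC-only scope and the sample key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Assumption: this set is provisioned out of band from the token authority.
ALLOWED_ALGS = frozenset({"HS256"})
# HMAC algorithms this sketch knows how to compute.
_HMAC = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(header: dict, claims: dict, key: bytes) -> str:
    """Issuer side, used here only to build constructed sample tokens."""
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    digest = _HMAC.get(header.get("alg"))
    sig = hmac.new(key, signing_input.encode(), digest).digest() if digest else b""
    return signing_input + "." + b64url_encode(sig)

def verify(token: str, key: bytes, allowed=ALLOWED_ALGS) -> dict:
    """Return the claims, or raise ValueError if the token is not acceptable."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # The allowlist decides; the header's "alg" is only a claim to be checked.
    if alg not in allowed or alg not in _HMAC:
        raise ValueError(f"algorithm {alg!r} not accepted")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), _HMAC[alg]).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample key
    print(verify(sign({"alg": "HS256"}, {"sub": "alice"}, key), key))
    for alg in ("HS512", "none"):  # validly built, but outside the allowlist
        try:
            verify(sign({"alg": alg}, {"sub": "alice"}, key), key)
        except ValueError as err:
            print(alg, "->", err)
```
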