undefined | Better HN

0 pointslocknitpicker9d ago0 comments

> Yes we have heard this before, React is only 30kb!

Not quite. You might be surprised to know, but the whole JOSE standard, and JWT in particular, specify a very limited set of fields. Whenever anyone starts requiring more than that, the responsibilities start to be offloaded to the likes of OpenID Connect.

0 comments

2 comments · 2 top-level

jkrejcha8d ago

For those curious, here are the relevant specified fields along with the relevant standards (both IETF, OIDC, etc)

JWT: https://www.iana.org/assignments/jwt/jwt.xhtml

JOSE: https://www.iana.org/assignments/jwt/jwt.xhtml

hparadiz9d ago

This is actually really funny because I recently had this problem having to authenticate an internal repo with an OIDC but the script had to run so early in the bootstrap processes that the python google sdk is not yet installed so I had to manually install the SDK before apt is available by pulling it down manually to bootstrap the chicken or the egg problem. My initial implementation was using curl but folks insisted (rightly) on using the official SDK. I'm sure it's a lot more than 30kb though not during runtime per say.

j / k navigate · click thread line to collapse