Comments (5)
Not so sure about the "can't blacklist tokens" and "sign users out" parts of your argument -- a "normal" implementation of JWT is that you use a short-lived token (typically a few minutes at most), with a database-backed "refresh token", and if the latter is revoked then you won't be able to get a new JWT token without logging in again. So you have been effectively signed out / blacklisted.
That said, the middleware should probably be added to the JWT package and not to the Auth one?
from auth.
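The pattern described in the comment above, modelled in Python as an added example; it is not code from this thread or from any Vapor package. The HS256 token is built with the standard library only, and the function names, the in-memory `refresh_store` dict standing in for the database table, and the 300-second lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = secrets.token_bytes(32)   # constructed signing key for this example
ACCESS_TTL = 300                   # assumed access-token lifetime in seconds
refresh_store = {}                 # stands in for the database: token hash -> user id

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_access_token(user_id: str, now: int) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user_id, "exp": now + ACCESS_TTL}).encode())
    signing_input = f"{header}.{payload}"
    return f"{signing_input}.{sign(signing_input)}"

def verify_access_token(token: str, now: int):
    """Stateless check: signature and expiry only, no database lookup."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    # The algorithm is fixed server-side; the header's "alg" is never trusted.
    if not hmac.compare_digest(sig.encode(), sign(f"{header}.{payload}").encode()):
        return None
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    return claims["sub"] if claims["exp"] > now else None

def token_hash(refresh_token: str) -> str:
    return hashlib.sha256(refresh_token.encode()).hexdigest()

def login(user_id: str, now: int):
    refresh = secrets.token_urlsafe(32)
    refresh_store[token_hash(refresh)] = user_id   # only the hash is stored
    return issue_access_token(user_id, now), refresh

def refresh_access(refresh_token: str, now: int):
    """Stateful step: a new JWT is issued only while the refresh token is on record."""
    user_id = refresh_store.get(token_hash(refresh_token))
    return issue_access_token(user_id, now) if user_id else None

def revoke(refresh_token: str) -> None:
    refresh_store.pop(token_hash(refresh_token), None)   # server-side sign-out
```

After `revoke`, `refresh_access` returns `None`, while an access token issued earlier still passes `verify_access_token` until its `exp`; the access-token lifetime is therefore the upper bound on how long a sign-out takes to apply.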
I disagree with this - it pulls in yet another dependency that a large number of people wouldn't use. People on web won't use JWT and I personally don't like it for doing API auth either - JWT is pretty terrible for authenticating users, since you can't blacklist tokens or sign users out etc.
My (highly opinionated) $0.02 😆
from auth.
Vapor is not necessarily a dependency on vapor/jwt nor is Authentication.
It would make more sense to have another package vapor/auth-jwt which depends on:
- vapor/auth
- vapor/jwt
This new repository essentially would be a Vapor 3 version of vapor-community/jwt-provider, which has been deprecated, leaving everyone that was using it absolutely without an alternative.
See also vapor/jwt#87
from auth.
This provides a similar functionality to the old vapor-community/jwt-provider: https://github.com/asensei/vapor-auth-jwt
from auth.
Closing due to inactivity - feel free to reopen!
from auth.