JWT with OAuth 2.0 is pretty awesome. You can validate the JWT is legit even before hitting the database with a user lookup
damian
12/29/2017, 11:17 PM
do you have an example on github? (in kotlin or even with ktor?)
bdawg.io
12/29/2017, 11:36 PM
I don’t use either. But here’s a talk that discusses API security including OAuth 2.0 with JWT for the access tokens
https://youtu.be/9CJ_BAeOmW0?-y1DRm
There’s some good content in between the 85% of rants
kenkyee
12/29/2017, 11:58 PM
Works fine with spring boot or vert.x with Kotlin...and yes, it's the standard. All new apps should use it...
dave
12/30/2017, 9:09 AM
The trick here is that, like X-B3 request tracing headers, encrypted JWT tokens can be passed from service to service transparently without messing up your APIs - you need a way of making that "request context" available to both incoming middleware and outgoing http clients.