https://kotlinlang.org logo
Title
b

bdawg.io

12/29/2017, 11:15 PM
JWT with OAuth 2.0 is pretty awesome. You can validate the JWT is legit even before hitting the database with a user lookup
d

damian

12/29/2017, 11:17 PM
do you have an example on github? (in kotlin or even with ktor?)
b

bdawg.io

12/29/2017, 11:36 PM
I don’t use either. But here’s a talk that discusses API security including OAuth 2.0 with JWT for the access tokens

https://youtu.be/9CJ_BAeOmW0?-y1DRm

There’s some good content in between the 85% of rants
k

kenkyee

12/29/2017, 11:58 PM
Works fine with spring boot or vert.x with Kotlin...and yes, it's the standard. All new apps should use it...
d

dave

12/30/2017, 9:09 AM
The trick here is that, like X-B3 request tracing headers, encrypted JWT tokens can be passed from service to service transparently without messing up your APIs - you need a way of making that "request context" available to both incoming middleware and outgoing http clients.