On Sunday, April 9, 2017 at 2:59:26 PM UTC+1, art yerkes wrote: > > Since this thread has risen from the grave completely, handling JWT > validation is kind of gross in elm. > > https://gist.github.com/prozacchiwawa/d51b4e49e59a2aa0d3a28b328f62627d > > Note that this requires a version of billstclair's sha256 that disables > internal utf-8 handling (if there's demand, I'll submit a PR). >
Just looking back at what I did for JWT tokens. Realised that all I had done was to decode the token (using truqu/elm-base64) and had not validated its MAC on the client. Not sure I need to validate on the client though - authentication/authorization is checked on all incoming server calls and all I need from the token is the user id, and their permission scopes. +1 for ArrayBuffers for Sha256 and all other encrypted binary data formats that we might have to deal with. -- You received this message because you are subscribed to the Google Groups "Elm Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
