Clients usually don't need to validate tokens.  I'm doing something a
little special.  Still, it's a pain.

On Sun, Apr 9, 2017 at 8:55 AM, 'Rupert Smith' via Elm Discuss <
elm-discuss@googlegroups.com> wrote:

> On Sunday, April 9, 2017 at 2:59:26 PM UTC+1, art yerkes wrote:
>>
>> Since this thread has risen from the grave completely, handling JWT
>> validation is kind of gross in elm.
>>
>> https://gist.github.com/prozacchiwawa/d51b4e49e59a2aa0d3a28b328f62627d
>>
>> Note that this requires a version of billstclair's sha256 that disables
>> internal utf-8 handling (if there's demand, I'll submit a PR).
>>
>
> Just looking back at what I did for JWT tokens. Realised that all I had
> done was to decode the token (using truqu/elm-base64) and had not validated
> its MAC on the client. Not sure I need to validate on the client though -
> authentication/authorization is checked on all incoming server calls and
> all I need from the token is the user id, and their permission scopes.
>
> +1 for ArrayBuffers for Sha256 and all other encrypted binary data formats
> that we might have to deal with.
>
> --
> You received this message because you are subscribed to a topic in the
> Google Groups "Elm Discuss" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
> topic/elm-discuss/u_ui3PlDwLc/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
> elm-discuss+unsubscr...@googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
>
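
Added example, not part of the thread or the linked gist: the difference between decoding a token and validating its MAC, which the messages above discuss, shown in JavaScript (Node.js). HS256 is an assumption, since the thread does not name the algorithm; the secret, claims and function names are constructed for illustration.

```javascript
// Added example: names, secret and tokens below are constructed for illustration.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');

// Build an HS256 token so the example is self-contained.
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const mac = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  return `${header}.${body}.${b64url(mac)}`;
}

// Decode only: reads the claims, proves nothing about who wrote them.
function decodeOnly(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Verify: recompute HMAC-SHA256 over the raw ASCII bytes of "header.payload"
// and compare in constant time. Returns the claims, or null on any failure.
function verifyHS256(token, secret) {
  const parts = token.split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  let alg;
  try { alg = JSON.parse(Buffer.from(header, 'base64url').toString('utf8')).alg; }
  catch { return null; }
  if (alg !== 'HS256') return null; // refuse "none" and any other algorithm
  const expected = crypto.createHmac('sha256', secret).update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  try { return JSON.parse(Buffer.from(body, 'base64url').toString('utf8')); }
  catch { return null; }
}

// Constructed sample: a valid token, then the same token with edited scopes.
const SECRET = 'constructed-demo-secret';
const good = signHS256({ sub: 'user-1', scopes: ['read'] }, SECRET);
const [h, , s] = good.split('.');
const edited = `${h}.${b64url(JSON.stringify({ sub: 'user-1', scopes: ['admin'] }))}.${s}`;

console.log(decodeOnly(edited).scopes);   // decoding alone accepts the edited claims
console.log(verifyHS256(edited, SECRET)); // the MAC check rejects them
console.log(verifyHS256(good, SECRET));   // the untouched token verifies
```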
