Clients usually don't need to validate tokens. I'm doing something a little special. Still, it's a pain.
On Sun, Apr 9, 2017 at 8:55 AM, 'Rupert Smith' via Elm Discuss < [email protected]> wrote: > On Sunday, April 9, 2017 at 2:59:26 PM UTC+1, art yerkes wrote: >> >> Since this thread has risen from the grave completely, handling JWT >> validation is kind of gross in elm. >> >> https://gist.github.com/prozacchiwawa/d51b4e49e59a2aa0d3a28b328f62627d >> >> Note that this requires a version of billstclair's sha256 that disables >> internal utf-8 handling (if there's demand, I'll submit a PR). >> > > Just looking back at what I did for JWT tokens. Realised that all I had > done was to decode the token (using truqu/elm-base64) and had not validated > its MAC on the client. Not sure I need to validate on the client though - > authentication/authorization is checked on all incoming server calls and > all I need from the token is the user id, and their permission scopes. > > +1 for ArrayBuffers for Sha256 and all other encrypted binary data formats > that we might have to deal with. > > -- > You received this message because you are subscribed to a topic in the > Google Groups "Elm Discuss" group. > To unsubscribe from this topic, visit https://groups.google.com/d/ > topic/elm-discuss/u_ui3PlDwLc/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Elm Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
