It's pretty much like client side cookies for sessions. On Thursday, July 9, 2015 at 10:45:30 PM UTC-7, Massimo Di Pierro wrote: > > Can you elaborate. I like the current system (I wrote it ;-) but I was > considering adding jwt. The question is, is there duplication of > functionality? Should jwt replace the current token system? pros/cons? > > On Thursday, 9 July 2015 15:02:43 UTC-5, Derek wrote: >> >> Yes, I did read up on it, and I am familiar with jwt. I do think it's >> more insecure than this. >> >> On Wednesday, July 8, 2015 at 11:16:43 PM UTC-7, Niphlod wrote: >>> >>> do you know what a jwt token is instead of just blindly bashing a >>> solution? >>> >>> >>> On Thursday, July 9, 2015 at 12:25:54 AM UTC+2, Derek wrote: >>>> >>>> The only difference between this and jwt (saying jwt tokens is like >>>> saying atm machine, it's redundant) is that jwt can be generated client >>>> side (provided the client knows the secret) and thus would be less secure >>>> than this. >>>> >>>> >>>> On Wednesday, July 8, 2015 at 1:16:31 PM UTC-7, Niphlod wrote: >>>>> >>>>> summarizing, IMHO web2py should probably implement JWT tokens >>>>> <http://jwt.io/> instead of this custom one to have it called >>>>> properly "API tokens" >>>>> >>>>
-- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
