First, thanks for putting bottle-jwt in the open! It really helped me.
However, there is one thing which I think might be improved.
> JWTs are a great authentication mechanism. They give you a structured and stateless way to declare a user and what they can access. They can be cryptographically signed and encrypted to prevent tampering on the client side.

From https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage.
In this plugin's code it is not the case. Suppose I want to store my user info in some kind of persistent storage, then I implement a custom backend which saves the info to, let's say, MongoDB.

Every time the plugin validates the token it calls:

```python
user = self.backend.get_user(...)
```

which calls the database. This isn't stateless, and further, it retrieves information which should already be found in the token itself.

IMHO `user = self.backend.get_user(...)` should only be called in `create_token`, and `validate` should only validate with `jwt.decode`.
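An added illustration of the split the issue proposes (not code from bottle-jwt): the backend is consulted once in `create_token`, and `validate` only checks the token's signature and expiry before trusting its claims. A minimal stdlib HS256 encode/verify stands in for PyJWT so it runs without dependencies; `FAKE_USERS`, the secret and the claim names are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

FAKE_USERS = {"alice": {"id": 42, "role": "admin"}}  # constructed stand-in for self.backend.get_user(...)

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_token(username: str, secret: bytes, ttl: int = 3600, now: int = None) -> str:
    # The one place the backend is consulted: everything validate() needs goes into the claims.
    user = FAKE_USERS[username]
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "uid": user["id"], "role": user["role"],
              "iat": now, "exp": now + ttl}
    enc = lambda obj: _b64url(json.dumps(obj, separators=(",", ":")).encode())
    signing_input = f"{enc(header)}.{enc(claims)}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"

def validate(token: str, secret: bytes, now: int = None) -> dict:
    # Stateless, like PyJWT's jwt.decode(token, secret, algorithms=["HS256"]): verify, then trust claims.
    try:
        h64, c64, s64 = token.split(".")
    except ValueError:
        raise ValueError("malformed token")
    if json.loads(_unb64url(h64)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # the verifier, not the token, picks the algorithm
    expected = hmac.new(secret, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(s64)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64url(c64))
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims

def is_valid(token: str, secret: bytes, now: int = None) -> bool:
    try:
        validate(token, secret, now)
        return True
    except ValueError:
        return False
```

No storage lookup happens on the request path; revocation before `exp` is the one thing this design gives up, which is the usual trade-off of stateless tokens.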