

Leveraging the Encrypted Token Pattern - paulmooney
http://insidethecpu.com/2013/09/23/encrypted-token-pattern/

======
chatmasta
Maybe I missed something, but I was surprised there was no mention of JSON Web
Tokens (JWT). See [0] (overview) and [1] (example usage).

[0] [http://self-issued.info/docs/draft-ietf-oauth-json-web-token...](http://self-issued.info/docs/draft-ietf-oauth-json-web-token.html)

[1] [https://github.com/mattupstate/flask-jwt](https://github.com/mattupstate/flask-jwt)

~~~
cjlarose
At the time of writing (September 2013), the JWT spec would have been only on
its 12th draft--it's had 19 follow-up drafts since then. It's possible that
the author didn't know about them at all.

~~~
paulmooney
As you say, the JWT spec was not as mature at the time of writing.

~~~
chatmasta
(Assuming you're the author -- who knows though.) Now that the JWT spec is
mature and there are some nice implementations of it, do you think it's a good
option for token-based authentication?

~~~
paulmooney
Yes, I'm the author. Long as the JWT spec implements a strong method of
encryption, it's a good option.

------
duergner
Did I miss something in that pattern or is this just some kind of OAuth2.0
Bearer Token implementation within one domain?

~~~
paulmooney
There is no explicit relationship between this pattern and OAuth. The
structure of the token itself is open for extension. The pattern focuses on
the manner in which the token is leveraged.

