I find JWT a tinge too complex. On the other hand, no solution for unified AAA exists on the web that makes sense: HTTP is a stateless protocol.
I sometimes wish people would wake up from the OAuth insanity and realize that using a stateful TCP connection would drop the sessions problem.
Why use a stateful protocol (OAuth) for a stateless protocol (HTTP) over a stateful protocol (TCP)?
Emitting a token lasting more than 1 hour that impersonates the user in a hostile environment seems like quite a lot of risk (mathematically speaking).
I must be a grumpy old dev, but I kind of hear the OAuth sweet song of easy, secure cross-security tokens like sirens trying to seduce me into crashing my ship on the havoc of security.
Security is a minefield. One step off the «right way» and boom, it does not work while burning 25% of your CPU power, a hidden tax.
The OAuth protocol is a multi-dimensional maze designed under LSD, in my opinion, and I kind of feel it is unsafe to take.
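The one concrete risk the post names is a bearer token that stays valid for more than an hour. As an added example (not code from the post's author), here is a small HS256 JWT verifier that enforces that ceiling on the consuming side: it pins the algorithm instead of trusting the header, compares the signature in constant time, requires both `iat` and `exp`, and rejects any token whose lifetime exceeds `MAX_LIFETIME_SECONDS`. The key, claims and `mint_token` helper are constructed here only so the check can be exercised offline; the names are assumptions, not a library's API.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Policy ceiling: the one-hour lifetime the post argues is already a lot of risk.
MAX_LIFETIME_SECONDS = 3600
CLOCK_SKEW_SECONDS = 60  # tolerance for a slightly fast issuer clock


def _b64url_decode(s: str) -> bytes:
    # JWT strips the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def mint_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Constructed helper: build an HS256-signed JWT so the verifier can be tested.

    `alg` is a parameter only so the test can forge an 'alg: none' header.
    """
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, key: bytes, now: Optional[int] = None) -> dict:
    """Return the claims if the token is acceptable under policy, else raise ValueError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts

    # Pin the algorithm on the verifying side; never let the token's header choose it.
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")

    # Constant-time signature comparison over the exact bytes that were signed.
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")

    claims = json.loads(_b64url_decode(payload_b64))
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        raise ValueError("iat and exp are required")
    if exp <= now:
        raise ValueError("expired")
    if iat > now + CLOCK_SKEW_SECONDS:
        raise ValueError("issued in the future")
    # The policy check the post is about: a long-lived token is rejected even if it is
    # correctly signed and not yet expired.
    if exp - iat > MAX_LIFETIME_SECONDS:
        raise ValueError("lifetime exceeds policy")
    return claims


def rejection_reason(token: str, key: bytes, now: Optional[int] = None) -> Optional[str]:
    """Convenience wrapper: None when the token is accepted, otherwise the reason."""
    try:
        verify_token(token, key, now=now)
        return None
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    KEY = b"constructed-demo-key-do-not-reuse"  # constructed sample key
    short = mint_token({"sub": "alice", "iat": 1000, "exp": 1000 + 1800}, KEY)
    long_lived = mint_token({"sub": "alice", "iat": 1000, "exp": 1000 + 7200}, KEY)
    print("30 min token:", rejection_reason(short, KEY, now=1500))
    print("2 h token:   ", rejection_reason(long_lived, KEY, now=1500))
```

Note that the lifetime check is computed from `exp - iat`, not from how long the token has been in the wild, so an issuer cannot sidestep the policy by backdating `iat`; the signature and the future-`iat` check together make that claim pair trustworthy before it is used.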