Skip to content

Instantly share code, notes, and snippets.

View Variiuz's full-sized avatar
😰
This really should not take 19 minutes to build.

Alex. Variiuz

😰
This really should not take 19 minutes to build.
8 followers · 4 following
View GitHub Profile
@soulmachine
soulmachine / jwt-expiration.md
Last active April 9, 2024 04:12
How to deal with JWT expiration?

First of all, please note that token expiration and revoking are two different things.

  1. Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
  2. Revoking only happens when (1) uses click the logout button on the website or native Apps;(2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to hadle JWT expiration

A JWT token that never expires is dangerous if the token is stolen then someone can always access the user's data.

Quoted from JWT RFC:

@ygotthilf
ygotthilf / jwtRS256.sh
Last active May 8, 2024 10:31
How to generate JWT RS256 key
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add passphrase
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub
cat jwtRS256.key
cat jwtRS256.key.pub