They can be encrypted, but that adds another layer of complexity, which I just don't see the need for. As I say, you might as well generate a bland token, store it in a file and manage it yourself most of the time.

Get Outlook for Android<https://aka.ms/AAb9ysg>

________________________________
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Brad Stone <bvstone@xxxxxxxxx>
Sent: Tuesday, April 20, 2021 9:50:49 PM
To: RPG programming on IBM i <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: JWT (was: Upcoming Spring 2021 RPG enhancements)

I have to say that I don't get the "security" of JWTs to some extent. The
data in them could easily be extracted. The validation comes with a
pre-determined secret... so in other words, you shouldn't put sensitive
data in a JWT.

Is a user id, email address, account number, etc sensitive? In some cases
yes. But that was my whole argument against using them in one particular
project we were forced to.





On Tue, Apr 20, 2021 at 3:38 PM Tim Fathers <tim@xxxxxxxxxxxxx> wrote:

I know what they are, in fact I even wrote a MariaDB implementation of
them, but I decided against using them in my app for the reasons I mention
in my reply to Jon, namely, they cannot be invalidated. I get that the
federated identity might be useful, but I don't think applications of the
kind of scale we would run on an IBM i generally warrant the need for a
stateless solution, especially not at the expense of not being able to
invalidate tokens that might be being abused.

Get Outlook for Android<https://aka.ms/AAb9ysg>

________________________________
From: RPG400-L <rpg400-l-bounces@xxxxxxxxxxxxxxxxxx> on behalf of Charles
Wilt <charles.wilt@xxxxxxxxx>
Sent: Tuesday, April 20, 2021 5:37:26 PM
To: RPG programming on the AS400 / iSeries <rpg400-l@xxxxxxxxxxxxxxxxxx>
Subject: JWT (was: Upcoming Spring 2021 RPG enhancements)

On Tue, Apr 20, 2021 at 9:35 AM Tim Fathers <tim@xxxxxxxxxxxxx> wrote:

I'm curious as to why you'd want to use JWTs (unless you're having to
consume them somehow), their use case seems to be fairly limited and not
particularly suitable to systems of our scale.


Huh? I don't understand where you'd get that idea.

JSON Web Tokens (JWT) are an open, industry standard RFC 7519 method for
representing claims securely between two parties.

The rest of the world uses JWTs to among other things secure the APIs they
are building. The API is one side and the other is your selected identity
provider.

While nodejs web-services on the i could validate them, IWS or other RPG
ones currently can not.

Charles
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com

--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.