I work as a Security Architect currently with focus on ETH. I mainly code in Golang, Python and TypeScript. I use (Doom) Emacs for almost everything and ORG mode for generating/publishing content.
An excellent tutorial! I also like what you wrote about context and how you can pass along information to downstream components.
Maybe I've missed this, but do you actually also check the claims? Validating the signature of the JWT is not secure enough.
Thank you! Really glad you liked it. :)
The validation of the token happens in the library I'm using: github.com/lestrrat-go/jwx/blob/de.... Here's the file reference.
As for what's in the claim, I let the downstream funcs/services make sure that the user can access what they are asking for. Or you could use OAuth Scopes as well. Lots of options!
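
The point raised in this thread, that a valid signature alone is not enough, as an added example (not code from the tutorial or from the jwx library): a standard-library Go verifier that rejects correctly signed tokens whose `exp`, `iss` or `aud` do not match what the service expects. The key, issuer and audience values are constructed, and HS256 with a single-string `aud` is assumed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

var b64 = base64.RawURLEncoding

func mac(msg string, key []byte) string {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return b64.EncodeToString(m.Sum(nil))
}

// sign builds an HS256 token from a JSON payload; only used to construct sample input.
func sign(payload string, key []byte) string {
	msg := b64.EncodeToString([]byte(`{"alg":"HS256"}`)) + "." + b64.EncodeToString([]byte(payload))
	return msg + "." + mac(msg, key)
}

// verify pins HS256 in code (the header's alg is never consulted); aud is one string for brevity.
func verify(tok string, key []byte, iss, aud string, now time.Time) error {
	var c struct{ Iss, Aud string; Exp int64 }
	p := strings.Split(tok, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(mac(p[0]+"."+p[1], key))) {
		return fmt.Errorf("bad signature")
	}
	body, err := b64.DecodeString(p[1])
	switch { // the signature is valid from here on; the claims still have to hold
	case err != nil || json.Unmarshal(body, &c) != nil:
		return fmt.Errorf("bad payload")
	case !now.Before(time.Unix(c.Exp, 0)): // a missing exp (0) fails here too
		return fmt.Errorf("expired")
	case c.Iss != iss:
		return fmt.Errorf("wrong issuer")
	case c.Aud != aud:
		return fmt.Errorf("wrong audience")
	}
	return nil
}

func main() {
	tok := sign(`{"iss":"https://idp.example","aud":"billing","exp":1700000600}`, []byte("demo-key"))
	fmt.Println(verify(tok, []byte("demo-key"), "https://idp.example", "orders", time.Unix(1700000000, 0)))
}
```

The token in `main` carries a valid signature but was issued for a different audience, so a signature-only check would have accepted it.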