Security Architect and Software Engineer building secure systems in Golang/Python. I work with Kubernetes, OpenStack, and cryptographic services. Emacs & ORG mode for everything.
An excellent tutorial! I also like what you wrote about context and how you can pass along information to downstream components.
Maybe I've missed this, but do you actually also check the claims? Validating the signature of the JWT is not secure enough.
Thank you! Really glad you liked it. :)
The validation of the token happens in the library I'm using, github.com/lestrrat-go/jwx/blob/de.... Here's the file reference.
As for what's in the claim, I let the downstream funcs/services make sure that the user can access what they are asking for. Or you could use OAuth Scopes as well. Lots of options!
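The exchange above turns on the difference between a token whose signature verifies and a token that should actually be accepted. The following is an added example, not code from the original post or from the jwx library the author uses: it verifies an HS256 JWT with only the Go standard library and then checks the registered claims (iss, aud, exp, nbf) against what the receiving service expects. The key, issuer, audience and helper names (SignHS256, VerifyHS256, Expectations) are constructed for the example; aud is treated as a plain string, whereas RFC 7519 also allows an array. Which scopes or per-resource permissions the downstream handler enforces is, as the author says, a separate check layered on top of this.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims holds the registered claims checked after the signature is known
// to be good. "aud" is simplified to a single string for this example.
type Claims struct {
	Issuer    string `json:"iss"`
	Subject   string `json:"sub"`
	Audience  string `json:"aud"`
	Expires   int64  `json:"exp"`
	NotBefore int64  `json:"nbf,omitempty"`
}

// Expectations is what the receiving service demands of a token (hypothetical type).
type Expectations struct {
	Issuer   string
	Audience string
	Now      time.Time
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignHS256 builds a compact JWS. It exists only to construct sample tokens.
func SignHS256(c Claims, key []byte) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(payload)
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return signingInput + "." + b64(mac.Sum(nil)), nil
}

// VerifyHS256 rejects the token unless BOTH the signature and the registered
// claims are acceptable. Signature first: nothing from an unverified payload
// may influence control flow.
func VerifyHS256(token string, key []byte, want Expectations) (Claims, error) {
	var c Claims
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	// Pin the algorithm; trusting "alg" from the header invites alg:none
	// and key-confusion attacks.
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return c, errors.New("bad header encoding")
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil || hdr.Alg != "HS256" {
		return c, errors.New("unexpected alg")
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return c, errors.New("bad signature encoding")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if !hmac.Equal(mac.Sum(nil), sig) { // constant-time comparison
		return c, errors.New("invalid signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return c, errors.New("bad payload encoding")
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, errors.New("bad payload json")
	}
	// A validly signed token can still be expired, minted by the wrong
	// issuer, or intended for a different service.
	now := want.Now.Unix()
	switch {
	case c.Issuer != want.Issuer:
		return c, errors.New("unexpected issuer")
	case c.Audience != want.Audience:
		return c, errors.New("token not intended for this audience")
	case c.Expires == 0 || now >= c.Expires:
		return c, errors.New("token expired or missing exp")
	case c.NotBefore != 0 && now < c.NotBefore:
		return c, errors.New("token not yet valid")
	}
	return c, nil
}

func main() {
	key := []byte("constructed-demo-key-do-not-reuse") // constructed sample key
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	tok, _ := SignHS256(Claims{Issuer: "https://issuer.example", Subject: "alice",
		Audience: "orders-api", Expires: now.Add(time.Hour).Unix()}, key)
	want := Expectations{Issuer: "https://issuer.example", Audience: "orders-api", Now: now}
	c, err := VerifyHS256(tok, key, want)
	fmt.Println(c.Subject, err)
	_, err = VerifyHS256(tok, key, Expectations{Issuer: want.Issuer, Audience: "billing-api", Now: now})
	fmt.Println(err)
}
```

The audience check is the one most often skipped: a token legitimately issued for one service is otherwise replayable against every other service that shares the issuer's key.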