jwt icon indicating copy to clipboard operation
jwt copied to clipboard

Published 20 hours ago verified publisher icon hapijs

feat: load token from url query parameter

Open lallenfrancisl opened this issue 2 years ago • 5 comments

Fixes #49

lallenfrancisl avatar Sep 01 '22 14:09 lallenfrancisl

I have also updated the validator and some old tests in consideration of the new parameter

lallenfrancisl avatar Sep 01 '22 14:09 lallenfrancisl

@Marsup Could you review this ?

lallenfrancisl avatar Mar 22 '23 17:03 lallenfrancisl

I'm not a fan of adding support for a use case that is likely to inadvertently expose the tokens to standard logging tools.

The url including the query part is included in most HTTP server logs, and can also easily be exposed by clients through system logs. Probably better explained in this SO answer.

kanongil avatar Mar 22 '23 18:03 kanongil

@kanongil But what about use cases like signed urls from signup links and stuff ? Isn't these best left to the user of the library ?

lallenfrancisl avatar Mar 23 '23 12:03 lallenfrancisl

@kanongil @Marsup Any chance this can be re-evalutated ?

lallenfrancisl avatar May 13 '23 11:05 lallenfrancisl