Stefan Aebischer

27 comments by Stefan Aebischer

> only if secretOrKeyProvider is set to a function that sets a non-truthy value for secretOrKey (e.g. (req, token, cb) => cb()), I could get unsigned tokens to be...

> Does this mean that a secret is now always required? I have a use case to use a JWT that is unsigned (None algorithm). Is there any way to...

> What's the most motivating use case for this? There was a question "how to persists parent's state when children change" in discord today. Observers of the parent actor won't...

> If we remove the first parameter, then 1) we don't have explicit names for steps Maybe `name` could be inferred from named functions, and overridden by `name` attribute? ```ts...

> I guess depending 'name' property of constructor or instance could make confusion for production as names are mingled formally? That might indeed be problematic for visualization.

> For backward compatibility the non-hashed version is also looked up @hf Couldn't an attacker just send the hashed token (from DB) as the non-hashed token (in Request) and mint...

Have a look at this example: https://github.com/auth0/node-jwks-rsa/blob/master/examples/passport-demo/README.md