angular-sailsjs-boilerplate

Need to refactor JWT auth

Open tarlepp opened this issue 9 years ago • 5 comments

And why? That's why https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/

tarlepp avatar Apr 09 '15 19:04 tarlepp

So is your current implementation vulnerable or is it safe to use? Thanks.

eddieajau avatar Apr 22 '15 23:04 eddieajau

Haven't tested this, but I'm going to take a deeper look at this. Also, I'm going to change that JWT part a bit; basically add a max age to the JWT.

tarlepp avatar Apr 23 '15 19:04 tarlepp

Looks like there is a critical update for jsonwebtoken in the backend. Let me know if you need any help.

eddieajau avatar Apr 23 '15 23:04 eddieajau

Hi, thank you very much for this project, this saves me a huge amount of setup time! About this issue, is it related only to the libraries you are using? In this case, have you already updated the package.json to include the patched version? Or is it coming from the implementation you make of JWT?

Thanks

LeonardoGentile avatar Jun 02 '15 23:06 LeonardoGentile

@LeonardoGentile Yeah, that's the plan, but I really don't know when I'll have time for this. You guys should update jsonwebtoken to the latest version.

tarlepp avatar Jun 03 '15 16:06 tarlepp
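
An added example, not code from this repository or from jsonwebtoken: a minimal Node.js HS256 verifier that applies the max-age check planned above alongside a pinned algorithm, so the token header cannot choose how it is verified. The function names, the `maxAgeSec` parameter and all sample values are assumptions made for illustration.

```javascript
// Added example: strict HS256 JWT verification with a maximum token age.
const { createHmac, timingSafeEqual } = require('node:crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Build a signed token (used here only to construct sample tokens).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Returns the payload or throws. maxAgeSec is a hypothetical policy parameter.
function verifyHS256(token, secret, maxAgeSec, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString('utf8'));
    payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  } catch {
    throw new Error('malformed token');
  }
  // Pin the algorithm: the server decides it, never the token's own header.
  if (!header || header.alg !== 'HS256') throw new Error('unexpected alg');
  const expected = createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    throw new Error('bad signature');
  }
  // Max age: require an issued-at claim and reject tokens older than the policy.
  if (!payload || !Number.isInteger(payload.iat)) throw new Error('missing iat');
  if (payload.iat > nowSec) throw new Error('issued in the future');
  if (nowSec - payload.iat > maxAgeSec) throw new Error('token too old');
  return payload;
}

// Convenience wrapper: 'ok' or the rejection reason.
function outcome(token, secret, maxAgeSec, nowSec) {
  try { verifyHS256(token, secret, maxAgeSec, nowSec); return 'ok'; }
  catch (e) { return e.message; }
}
```

With the jsonwebtoken package itself, the equivalent is to pass an explicit algorithm allow-list and a maximum age to its verify call instead of relying on defaults.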