social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

#jwt

Phil
Moonscape.
#photography #landscape #bnw #monochrome #moon #moonscape #mars #space #hubble #jameswebb #jwt #jameswebbspacetelescope #startrek #starwars

Kushal Das :python: :tor:
In #rust / #rustlang I have a #HTTP endpoint (#actix), where for a given query, it fetches #JWT from the given parameter (URLS) and validates, puts some logic and returns the result. How to write unittest for this case in rust?

𝕂𝚞𝚋𝚒𝚔ℙ𝚒𝚡𝚎𝚕
JWTs Are Not Session Tokens, Stop Using Them Like One

When JSON Web Tokens (JWTs) hit the mainstream, they were hailed as the solution to everything wrong with session management. Stateless! Compact! Tamper-proof! Suddenly, everyone started stuffing them into every web app like ketchup on bad code.

🧑‍💻 https://archive.fo/01UkP

#json #jwt #webdev #token #web #code #bad #badcode #WebTokens #ketchup

BeyondMachines :verified:
There is only one correct pronunciation of #JWT

Kushal Das :python: :tor:
Slowly moving the brain to play #JWT #JWT in the background. Next few weeks will be into the land of JWTs via both #rust and #python.

Jobs for Developers
SoundHound is hiring Senior Software Engineer

🔧 #java #javascript #typescript #react #springframework #api #hibernate #aws #azure #cicd #docker #gcp #jwt #kafka #kubernetes #mysql #redis #seniorengineer
🌎 Bengaluru, India
⏰ Full-time
🏢 SoundHound

Job details https://jobsfordevelopers.com/jobs/senior-software-engineer-at-soundhound-com-jun-9-2025-bb0adc?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring

Felix Palmen :freebsd: :c64:
Today, it's exactly one month since I released #swad 0.11. And I'm slowly closing in on releasing 0.12.

The change to a "multi #reactor" design was massive. It pays off though. On the hardware that could reach a throughput of roughly 1000 requests per second, I can now support over 3000 r/s, and when disabling #TLS, 10 times as much. Most of the time, I spent with "detective work" to find the causes for a variety of crashes, and now I'm quite confident I found them all, at least on #FreeBSD with default options. As 0.11 still has a bug affecting for example the #epoll backend on #Linux, expect to see swad 0.12 released very very soon.

I'm still not perfectly happy with RAM consumption (although that could also be improved by explicitly NOT releasing some objects and reusing them instead), and there are other things that could be improved in the future, e.g. experiment with how to distribute incoming connections to the worker threads, so there's not one "loser" that always gets slowed down massively by all the others. Or design and implement alternative #JWT #signature algorithms besides #HS256 which could enable horizontal scaling via load balancing. Etc. But I think the improvements for now are enough for a release. 😉

Sam Stepanyan :verified: 🐘
#JWT: 'Attacking JWT using X509 Certificates': how an attacker could sign the JWT token with their own private key and modify the header value to specify their public key for signature verification:
#AppSec
#APIsecurity

https://trustedsec.com/blog/attacking-jwt-using-x509-certificates

Mariusz
Day 7
✅ 24 test suites, 153 tests passing.

Solid coverage across service and controller layers in my modular monorepo. Strict typing (TypeScript), full DTO validation, and realistic mocks across complex relations (TypeORM).

Next: fine-tuning error handling & exploring e2e strategies.

https://write.as/bmariusz/24-test-suites-153-tests-passing-scaling-confidence-with-every-assertion

#TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo #rbac #codingdays #swagger #jwt #jwt_auth #programming

Bèr Kessels 🐝 🚐 🏄 🌱
I've been working on and with #JWT in authorization and authentication contexts a lot recently.

This ecosystem is a mess, especially in the #javascript corner.
A significant portion of implementations don't even verify the tokens they get. They just presume it's from some trusted server. It's dead easy to forge that.

Then, many more do verify, but use libraries full of features. A self-signed jwt is valid and verified. But not from e.g. the auth server you expect.

1/3

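Added example, not part of the post above or of any project mentioned on this page: a Python verifier that closes both gaps the post names, tokens accepted without verification and self-signed tokens accepted as valid, including the case linked earlier on this page where the header nominates the verification key. It uses HS256 with the standard library only; `TRUSTED_KEYS`, the issuer, the audience, every function name and all sample tokens are constructed assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical configuration: key id, secret, issuer and audience are constructed values.
TRUSTED_KEYS = {"auth-2025": b"constructed-demo-secret-0123456789abcdef"}
EXPECTED_ISSUER = "https://auth.example.test"
EXPECTED_AUDIENCE = "orders-api"
# Header parameters through which a token can nominate its own verification key.
KEY_BEARING_HEADERS = {"jwk", "jku", "x5c", "x5u"}


class TokenRejected(Exception):
    """Raised for every token that must not be trusted."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(header, claims, key):
    """Build an HS256-style compact JWS; used only to construct the sample tokens."""
    encoded = [b64url_encode(json.dumps(part).encode()) for part in (header, claims)]
    signing_input = ".".join(encoded)
    tag = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(tag)


def verify_jwt(token, now=None):
    """Return the claims or raise TokenRejected; no claim is used before the MAC check."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a three-part compact JWS")
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
        signature = b64url_decode(parts[2])
    except ValueError:
        raise TokenRejected("malformed encoding") from None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        raise TokenRejected("header and payload must be JSON objects")
    # 1. The verifier fixes the algorithm; "none" or anything else is refused.
    if header.get("alg") != "HS256":
        raise TokenRejected("unexpected alg")
    # 2. Keys come from local configuration only, never from the token.
    if KEY_BEARING_HEADERS.intersection(header):
        raise TokenRejected("token supplies its own key material")
    kid = header.get("kid")
    key = TRUSTED_KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise TokenRejected("unknown kid")
    # 3. Recompute the MAC over the exact received bytes, compare in constant time.
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenRejected("bad signature")
    # 4. A valid signature is not enough: check issuer, audience and expiry.
    if claims.get("iss") != EXPECTED_ISSUER:
        raise TokenRejected("wrong issuer")
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("wrong audience")
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        raise TokenRejected("expired or missing exp")
    return claims


def rejection_reason(token, now):
    """Return None when the token is accepted, otherwise the reason it was refused."""
    try:
        verify_jwt(token, now)
        return None
    except TokenRejected as err:
        return str(err)


NOW = 1_750_000_000  # constructed clock value so the samples are reproducible
CLAIMS = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "user-17", "exp": NOW + 300}
HEADER = {"alg": "HS256", "kid": "auth-2025"}
OTHER_KEY = b"key-generated-by-someone-else"  # stands in for a key the server never issued
SAMPLES = {
    "issued by the expected server": mint(HEADER, CLAIMS, TRUSTED_KEYS["auth-2025"]),
    "self-signed, key named in header": mint(
        {**HEADER, "jwk": {"kty": "oct", "k": b64url_encode(OTHER_KEY)}}, CLAIMS, OTHER_KEY),
    "self-signed, trusted kid reused": mint(HEADER, CLAIMS, OTHER_KEY),
    "unsigned": mint({"alg": "none"}, CLAIMS, OTHER_KEY),
}

if __name__ == "__main__":
    for label, token in SAMPLES.items():
        print(f"{label:34} -> {rejection_reason(token, NOW) or 'accepted'}")
```
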
Mariusz
Day 6
TL;DR: Groups, memberships, hierarchy — all dynamic now.

Released backend v0.3.0 🎉

✅ Users can belong to multiple groups with typed roles
✅ Groups can form hierarchical or overlapping structures
✅ Roles are normalized via reference types

Built with NestJS + TypeORM. Documented via Swagger.

https://write.as/bmariusz/building-a-flexible-group-structure-with-nestjs-and-typeorm

#TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo #rbac #codingdays #swagger #jwt #jwt_auth #programming

Mariusz
Day 5
TL;DR: Continued work on backend security — role-based access is now fully wired up.

✅ Got fine-grained role-based access control fully working today.

• Roles loaded from PostgreSQL
• Injected into JWT during login
• Validated via custom `@Roles()` + `RolesGuard`
• Authenticated via `@UseGuards(JwtAuthGuard)` globally
• Introduced `@Public()` decorator to bypass guards for public endpoints
• Swagger supports Bearer token for testing

Took a while to get the role propagation into the token right — the key was enriching the `validateUser()` result, not just fetching data from DB.

Modular, clean, and no magic. Feels good. 👌

more on: https://write.as/bmariusz/continuation-securing-routes-with-jwt-and-role-based-access-control
#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming

Mariusz
Day 4

TL;DR: Full Swagger docs + JWT auth with registration and login are live.

Today’s work focused on two key improvements.

1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.

2. JWT-based authentication was implemented. A secure registration flow was added, with password hashing via bcrypt. A login endpoint now issues access tokens containing user ID, email, and roles. All logic is encapsulated using Passport strategies (local and JWT). The next step will be protecting routes with guards and role-based access.

#CloudNative #TypeScript #NestJS #Nextjs #InsuranceTech #Microservices #monorepo
#codingdays #swagger #jwt #jwt_auth #programming

|7eter l-|. l3oling 🧰
:ruby: Let's support kids.

By "kids", I of course mean support for Key IDs (kids) in JWT assertions (IETF rfc7515 JSON Web Signature - JWS compliant)

Of course, I also mean #FreePalestine, and #SayNoToGenocide

For a full writeup:

https://dev.to/galtzo/ann-oauth2-v2012-w-support-for-kids-57be

#Ruby #JWT #Oauth2

Markus Eisele
The Curious Case of the Tampered Token
https://myfear.substack.com/p/jwt-quarkus-murder-mystery
#Java #Quarkus #JWT #Security #Microprofile

Hacker News
Ten Years of JSON Web Token (JWT) and Preparing for the Future

https://self-issued.info/?p=2708

#HackerNews #JSONWebToken #JWT #TenYears #TechTrends #FuturePreparation

Felix Palmen :freebsd: :c64:
Several years ago, I was working on our local #OIDC identity provider at work ... part of which was looking at a #JWT (JSON Web Token) quite frequently.

Now I implemented JWT myself (from the ground up in pure #C) for #swad to make it independent of sessions.

Well, déjà vu here ... even back then, I always chuckled a bit how every JWT basically says "ey ... EY!" to me 🤪 🤡 (see it? *scnr*)

#coding #nonsense

Jobs for Developers
Cloudflare is hiring Principal Billing Systems Engineer

🔧 #golang #api #docker #jwt #kafka #kubernetes #mysql #postgresql #redis #sql #principalengineer
🌎 Remote
⏰ Full-time
🏢 Cloudflare

Job details https://jobsfordevelopers.com/jobs/principal-billing-systems-engineer-at-cloudflare-com-may-6-2025-50fd8b?utm_source=mastodon.world&utm_medium=social&utm_campaign=posting
#jobalert #jobsearch #hiring

Felix Palmen :freebsd: :c64:
More progress, I decoupled the challenge for the #Anubis-like proof-of-work checker from the #session. Again doing something slightly similar to what Anubis does: Instead of a completely random challenge, create it by hashing some data making it reproducible:

* an expiry timestamp
* the remote address (the real one obtained from proxy headers)
* the user-agent
* Accept, Accept-Language and Accept-Encoding

The challenge now expires after 2 minutes. The client has to post back the expiry timestamp so the exact same challenge can be reproduced for validation.

Still some work to do for making #swad "session-less". Next step, decouple the rate-limiter for failed logins, then finally move to storing all auth info in a signed #JWT.

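Added example, not swad's code: one way to build the reproducible challenge described in the post above, in Python. The server secret, the 12-bit difficulty, the `challenge:nonce` proof format and all function names are assumptions; the post specifies only the hashed fields, the 2-minute expiry and that the client posts the expiry back.

```python
import hashlib
import hmac

# Assumption: a keyed hash with a server-side secret; the post only says "hashing some data".
SERVER_SECRET = b"constructed-demo-secret"
CHALLENGE_TTL = 120    # seconds; the post's 2-minute expiry
DIFFICULTY_BITS = 12   # assumption: required leading zero bits, kept small so the demo is quick
BOUND_HEADERS = ("User-Agent", "Accept", "Accept-Language", "Accept-Encoding")


def derive_challenge(expiry, remote_addr, headers):
    """Recompute the challenge from request properties; nothing is stored per client.

    remote_addr must already be the real client address resolved from trusted proxy headers.
    """
    mac = hmac.new(SERVER_SECRET, digestmod=hashlib.sha256)
    fields = [str(expiry), remote_addr] + [headers.get(name, "") for name in BOUND_HEADERS]
    for field in fields:
        data = field.encode()
        # Length prefix keeps ("ab", "c") and ("a", "bc") from hashing identically.
        mac.update(len(data).to_bytes(4, "big"))
        mac.update(data)
    return mac.hexdigest()


def issue(remote_addr, headers, now):
    """Server side: hand out (expiry, challenge) without keeping any session state."""
    expiry = int(now) + CHALLENGE_TTL
    return expiry, derive_challenge(expiry, remote_addr, headers)


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def work_ok(challenge, nonce):
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= DIFFICULTY_BITS


def solve(challenge):
    """Client side: search for the smallest nonce that meets the difficulty."""
    nonce = 0
    while not work_ok(challenge, nonce):
        nonce += 1
    return nonce


def validate(expiry, nonce, remote_addr, headers, now):
    """Server side: the client posts back expiry and nonce; the challenge is rebuilt."""
    if isinstance(expiry, bool) or not isinstance(expiry, int):
        return False
    # Refuse expired challenges and expiries further ahead than the server would issue.
    if expiry < now or expiry > now + CHALLENGE_TTL:
        return False
    return work_ok(derive_challenge(expiry, remote_addr, headers), nonce)


# Constructed sample request (documentation address range, made-up header values).
T0 = 1_750_000_000
REMOTE = "203.0.113.7"
HEADERS = {
    "User-Agent": "ExampleBrowser/1.0",
    "Accept": "text/html",
    "Accept-Language": "en",
    "Accept-Encoding": "gzip",
}

if __name__ == "__main__":
    expiry, challenge = issue(REMOTE, HEADERS, T0)
    nonce = solve(challenge)
    print("within 2 minutes:", validate(expiry, nonce, REMOTE, HEADERS, T0 + 60))
    print("after expiry:    ", validate(expiry, nonce, REMOTE, HEADERS, T0 + 121))
```
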
Felix Palmen :freebsd: :c64:
This is going nice so far, I can now correctly sign my #JWT (using #LibreSSL of course, so OpenSSL/LibreSSL will probably be an unconditional dependency for #swad in the next release)