by tracker1
2315 days ago
I tend to just implement minimal JWT myself... auth server issues token, all services expect an authentication-bearer header with one. Also, pinning the algorithm and allowed keys is absolutely important. I'm also not a fan of "sessions" other than at the client, they tend to fail at scale.
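The algorithm and key pinning mentioned in the comment above, as an added example (not tracker1's code): a stdlib-only HS256 verifier that ignores what the token claims about itself beyond checking it against one fixed `alg` and a fixed `kid` allowlist. The key id, secret and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

PINNED_ALG = "HS256"  # the only algorithm the services accept
ALLOWED_KEYS = {"auth-2024": b"constructed-demo-secret"}  # kid -> key (constructed)

class TokenError(Exception):
    """Raised for any token the service must refuse."""

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def issue(claims: dict, kid: str) -> str:
    """Auth-server side: sign the claims with one of the allowed keys."""
    header = {"alg": PINNED_ALG, "typ": "JWT", "kid": kid}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(ALLOWED_KEYS[kid], signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def verify(token: str, now=None) -> dict:
    """Service side: return the claims, or raise TokenError."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise TokenError("malformed token") from exc
    # Pinning: the header never selects the algorithm, it only has to match ours.
    if not isinstance(header, dict) or header.get("alg") != PINNED_ALG:
        raise TokenError("algorithm not allowed")
    kid = header.get("kid")
    key = ALLOWED_KEYS.get(kid) if isinstance(kid, str) else None
    if key is None:
        raise TokenError("unknown key id")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise TokenError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))  # parsed only after the MAC checks out
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise TokenError("expired")  # a token without exp is refused as well
    return claims
```
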