Hacker News new | ask | show | jobs
by jacobljohnston 316 days ago
This is already something in mainstream authentication applications you host yourself on your own domain. We use Keycloak. I don't know why anyone would install a JavaScript library to do this. It's not that difficult.
2 comments
vips7L 316 days ago
I wish someone would have used keycloak at my place. They decided to write it all by hand instead.
link
danscan 316 days ago
Fair. I assume you mean asymmetric key cryptography and not JWKs in particular? JOSE is a pretty good library if you need the latter and you’re already working in JS
link
motorest 315 days ago
> Fair. I assume you mean asymmetric key cryptography and not JWKs in particular?

There's some degree of confusion in your comment. JWKs is a standard to represent cryptographic keys. It is an acronym for JSON Web key set.

> JOSE is a pretty good library (...)

JOSE is a set of standards that form a framework to securely transfer claims.

link
jacobljohnston 316 days ago
We’re using JWKs.
link
danscan 316 days ago
Ah, and just the subtle crypto API to generate keys? Or are you not generating them on the client?
link