During an internship, we ported a JWT client wrapper from ColdFusion to C#, using .NET’s IdentityModel. It was part of a Boeing design practice to show off OpenAI’s code translation skills.
It was quick and easy.
But, writing a custom JWT client? That sounds like painful, agonizing fun, tbh.
Each author needs an encryption key registered with the validation server, claims are provided per-user per-use-case, invalid claims need to be rejected, and each server receiving requests needs to know what claims they're authorized to process - this only scratches the surface.
It's not very difficult. I did it a decade ago when we wanted to use it for a server and there weren't many community libraries yet. I just pulled up RFC 7519, read it and then made it. It's a very simple standard. I don't know how people do it wrong.
Oh man, last time I had that thought I ended up writing a JWE and JWS library first, because everyone does signed JWT but almost nobody does encrypted JWT, and I had regrets.
Great idea. Don't believe the haters! And don't forget to run the web service on your home network to save on cloud costs! Here's a pro tip for ease of installation: you don't have to fiddle around with ports, if you just forward all of them!
Comments
And then I stopped
• new token format
• new IdP endpoints for your tokens
• world domination 🙌
(keep getting away with this)
https://datatracker.ietf.org/doc/html/rfc7519
Sure, I think you could probably figure that out 😉
I would star the GitHub