zdragnar 6 hours ago

> look for the JWT access token in a revocation list that is only accessed during sensitive, infrequent, requests

I've clearly spent too much time working with data covered by HIPAA because this sentence gave me a brief bit of panic. The vagueness and extent of what it technically covers means it's far safer to just assume literally everything about your users needs maximum security.
miiiiiike 4 hours ago

This is the eternal conversation around auth. “The thing you do doesn’t work for the thing I do.” OK. Use something else.