backup/springboot-security-jwt
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Work on blog.

Browse Source
This commit is contained in:
svlada 2016-08-26 17:47:11 +02:00
parent a438d0793b
commit 46de95ea2b
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
etc/blog.md
View File

@ -457,6 +457,14 @@ Token based authentication schema's became immensely popular in recent times, as
4. Reduced load on authorization server 4. Reduced load on authorization server
5. No need for distributed session store 5. No need for distributed session store
Some trade-offs have to be made with this approach:
1. More vulnerable to XSS attacks
2. Access token can contain outdated authorization claims (e.g when some of the user privileges is revoked)
3. Access tokens can grow in size in case of increased number of claims
4. File download API can be tricky to implement
In this article we'll explain approach where JWT's are used for token based authentication. In this article we'll explain approach where JWT's are used for token based authentication.
Authentication flow is very simple: Authentication flow is very simple: