Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
red_admiral
8 months ago
|
parent
|
context
|
favorite
| on:
Why I no longer have an old-school cert on my HTTP...
Sadly JWT and friends are "standard". In theory the representation and the data are independent and you can marshal and unmarshal correctly.
In practice, "alg:none" is a headache and everyone involved should be ashamed.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
In practice, "alg:none" is a headache and everyone involved should be ashamed.