There is only one correct pronunciation of #JWT
Today, it's exactly one month since I released #swad 0.11. And I'm slowly closing in on releasing 0.12.
The change to a "multi #reactor" design was massive. It pays off though. On the hardware that could reach a throughput of roughly 1000 requests per second, I can now support over 3000 r/s, and when disabling #TLS, 10 times as much. Most of the time I spent on "detective work" to find the causes of a variety of crashes, and now I'm quite confident I found them all, at least on #FreeBSD with default options. As 0.11 still has a bug affecting for example the #epoll backend on #Linux, expect to see swad 0.12 released very very soon.
I'm still not perfectly happy with RAM consumption (although that could also be improved by explicitly NOT releasing some objects and reusing them instead), and there are other things that could be improved in the future, e.g. experiment with how to distribute incoming connections to the worker threads, so there's not one "loser" that always gets slowed down massively by all the others. Or design and implement alternative #JWT #signature algorithms besides #HS256 which could enable horizontal scaling via load balancing. Etc. But I think the improvements for now are enough for a release.
Let's support kids.
By "kids", I of course mean support for Key IDs (kids) in JWT assertions (IETF RFC 7515 JSON Web Signature (JWS) compliant).
Of course, I also mean #FreePalestine, and #SayNoToGenocide
For a full writeup:
https://dev.to/galtzo/ann-oauth2-v2012-w-support-for-kids-57be
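An added example of what "support for kids" means on the verifying side (this is not the oauth2 gem's code, nor swad's): a JWS compact token carries an unauthenticated `kid` header, the verifier uses it only as a lookup key into a key set it already trusts, pins the algorithm, and rejects unknown key IDs. The key set, key IDs and secrets below are constructed for the example.

```python
"""Added example: HS256 JWS verification that selects the key by the `kid` header (RFC 7515).
Not the oauth2 gem's or swad's code; the key set and tokens are constructed here."""
import base64
import hashlib
import hmac
import json

# Constructed key set: kid -> shared secret. A real deployment loads these from configuration
# and keeps the previous key around for a while so rotation does not invalidate live tokens.
KEYS = {
    "2024-01": b"old-rotated-secret-example",
    "2024-06": b"current-secret-example",
}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(claims: dict, kid: str) -> str:
    """Issue a compact JWS whose header names the key used, so the verifier can find it."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(KEYS[kid], signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_hs256(token: str):
    """Return the claims dict if the token verifies, otherwise None."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
    except (ValueError, UnicodeDecodeError):
        return None
    if not isinstance(header, dict):
        return None
    # Pin the algorithm: the header is unauthenticated until the signature checks out.
    if header.get("alg") != "HS256":
        return None
    # kid is only ever used as a dictionary lookup, never as a file path or query parameter.
    kid = header.get("kid")
    if not isinstance(kid, str) or kid not in KEYS:
        return None
    expected = hmac.new(KEYS[kid], f"{h64}.{p64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s64)):
        return None
    try:
        return json.loads(b64url_decode(p64))
    except (ValueError, UnicodeDecodeError):
        return None


if __name__ == "__main__":
    tok = sign_hs256({"sub": "alice"}, "2024-06")
    print(tok)
    print(verify_hs256(tok))
```

The lookup-only handling of `kid` is the part worth copying: the header is attacker-controlled until the MAC verifies, so it must never steer anything beyond a dictionary access into keys the server already holds.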
The Curious Case of the Tampered Token
https://myfear.substack.com/p/jwt-quarkus-murder-mystery
#Java #Quarkus #JWT #Security #Microprofile
Unlocking the Gates: REST API Authentication Methods for Modern Security – Source: securityboulevard.com https://ciso2ciso.com/unlocking-the-gates-rest-api-authentication-methods-for-modern-security-source-securityboulevard-com/ #rssfeedpostgeneratorecho #SecurityBloggersNetwork #CyberSecurityNews #SecurityBoulevard #Identity&Access #authentication #BestPractices #Developers #Security #DevOps #Future #api #jwt
Ah, yes, the riveting tale of JWT's "epic" decade-long #journey through the digital wilderness, where it single-handedly transformed the world of JSON-based tokens... or at least, that's what Mike wants us to believe. So, buckle up for another thrilling decade of self-congratulatory musings and cryptographic jargon.
https://self-issued.info/?p=2708 #JWT #DigitalTokens #CryptoCulture #JSONAdventure #HackerNews #ngated
Several years ago, I was working on our local #OIDC identity provider at work ... part of which was looking at a #JWT (JSON Web Token) quite frequently.
Now I implemented JWT myself (from the ground up in pure #C) for #swad to make it independent of sessions.
Well, déjà vu here ... even back then, I always chuckled a bit at how every JWT basically says "ey ... EY!" to me
(see it? *scnr*)
More progress, I decoupled the challenge for the #Anubis-like proof-of-work checker from the #session. Again doing something slightly similar to what Anubis does: Instead of a completely random challenge, create it by hashing some data making it reproducible:
* an expiry timestamp
* the remote address (the real one obtained from proxy headers)
* the user-agent
* Accept, Accept-Language and Accept-Encoding
The challenge now expires after 2 minutes. The client has to post back the expiry timestamp so the exact same challenge can be reproduced for validation.
Still some work to do for making #swad "session-less". Next step, decouple the rate-limiter for failed logins, then finally move to storing all auth info in a signed #JWT.
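The challenge scheme described above, as an added example (not swad's code): the challenge is a hash over the expiry timestamp and the request attributes listed, the client posts back the expiry together with its proof-of-work nonce, and the server recomputes the same challenge from the current request before checking the nonce. The field names, the difficulty parameter, the length-prefixed encoding and the sample request are my assumptions; the 2-minute lifetime is the one the post states.

```python
"""Added example: reproducible proof-of-work challenge derived from request data.
Not swad's code; field names, encoding and sample requests are constructed for illustration."""
import hashlib
import hmac

CHALLENGE_LIFETIME = 120  # seconds; the post says challenges expire after 2 minutes


def derive_challenge(expiry: int, remote_addr: str, user_agent: str,
                     accept: str, accept_language: str, accept_encoding: str) -> str:
    """Hash the expiry and the request attributes into a hex challenge string.
    Each field is length-prefixed so that concatenation is unambiguous.
    remote_addr must be the client address as seen behind a *trusted* proxy; a
    client-supplied forwarded header would let anyone pick their own value."""
    h = hashlib.sha256()
    for field in (str(expiry), remote_addr, user_agent, accept, accept_language, accept_encoding):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.hexdigest()


def meets_difficulty(challenge: str, nonce: int, difficulty_bits: int) -> bool:
    """Proof of work: the hash of challenge and nonce must start with difficulty_bits zero bits."""
    digest = hashlib.sha256(f"{challenge}:{nonce}".encode("ascii")).digest()
    return int.from_bytes(digest, "big") >> (256 - difficulty_bits) == 0


def solve(challenge: str, difficulty_bits: int) -> int:
    """Client side: brute-force a nonce (this is the cost the checker imposes on the client)."""
    nonce = 0
    while not meets_difficulty(challenge, nonce, difficulty_bits):
        nonce += 1
    return nonce


def validate(now: int, posted_expiry: int, request: dict, nonce: int, difficulty_bits: int) -> bool:
    """Server side: accept the posted expiry only inside the lifetime window, then rebuild the
    challenge from the expiry and the current request and check the nonce against it.
    The upper bound on expiry matters: without it a client could mint challenges for
    far-future expiries and solve them at leisure."""
    if not (now < posted_expiry <= now + CHALLENGE_LIFETIME):
        return False
    challenge = derive_challenge(posted_expiry, **request)
    return meets_difficulty(challenge, nonce, difficulty_bits)


if __name__ == "__main__":
    # Constructed sample request (addresses from the documentation range)
    req = {"remote_addr": "203.0.113.7", "user_agent": "Mozilla/5.0 (example)",
           "accept": "text/html", "accept_language": "en", "accept_encoding": "gzip"}
    now = 1_700_000_000
    expiry = now + CHALLENGE_LIFETIME
    challenge = derive_challenge(expiry, **req)
    nonce = solve(challenge, 12)
    print(challenge, nonce, validate(now + 5, expiry, req, nonce, 12))
```

Because every input is reproducible from the request itself, the server stores nothing per client, which is exactly what decoupling the challenge from the session buys. If the challenge should additionally be unpredictable to third parties, mixing a server-side secret into the hash (making it an HMAC) is the usual variation; the post describes a plain hash, which is what is shown here.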
First step towards implementing #JWT in #swad done, just committed a good 1000 LOC and now my #poser lib can do #JSON
https://github.com/Zirias/poser/commit/7f1772e85c869d544f8a12099ed6545e163dc163