Technical Question: should we use a JWT for AUTH_API_KEY? #268

@nelsonic

At present an AUTH_API_KEY has the format:

88SwQDWYGmiDACVRaBGqQghzLd5jfX7YynefCJ8M/88SwQH8CEDWzWSq7PyWe7ADpjYCpmczr5zyTK4d/authdemo.fly.dev

Note: this is not a valid key, but the format is correct.

The reason I went with this and still like it is because it's human-readable
and immediately obvious which environment (auth instance) it's for; in this case: authdemo.fly.dev
So if I see this key in my .env file or environment variable, I know exactly what it's for. 👌
I think this has a pretty major advantage in terms of Developer Experience ... 💭

But equally it has a disadvantage: no embedded info like expiry.
We outlined the benefits of JWTs in our mega-popular doc: https://github.com/dwyl/learn-json-web-tokens
And we are using them in auth for session tokens:

dwyl-mvp-jwt

|> AuthPlug.create_jwt_session(session_data(person, conn.assigns.sid))

So my question is: should the next version of auth (and auth_plug) use a JWT as the AUTH_API_KEY?
Will having a JWT for the AUTH_API_KEY and a different JWT for session token be confusing to devs? 🤷‍♂️
Are we missing something?

Please let me know your thoughts ... 💭 🙏
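The trade-off in the question above, as an added example that is not part of the original issue and is not code from auth or auth_plug: the host is read from the current slash-separated key, and a hypothetical JWT-style key carries the same host plus an expiry. The `iss` claim for the host, HS256 signing, and all function names and sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def host_of_current_key(key: str) -> str:
    """Current format: two opaque parts and the auth host, joined by '/'."""
    _part1, _part2, host = key.split("/")
    return host

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_jwt_key(secret: bytes, host: str, ttl: int, now=None) -> str:
    """HS256 JWT whose claims carry the host (iss) and an expiry (exp)."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64url(json.dumps({"iss": host, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{b64url(sign(secret, header + '.' + claims))}"

def peek_host(token: str) -> str:
    """Read the host for display only; nothing here is verified."""
    return json.loads(unb64url(token.split(".")[1]))["iss"]

def verify_jwt_key(token: str, secret: bytes, host: str, now=None) -> dict:
    """Return the claims, or raise ValueError if the key must be rejected."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header, claims = json.loads(unb64url(header_b64)), json.loads(unb64url(claims_b64))
        sig = unb64url(sig_b64)
    except ValueError as err:
        raise ValueError("malformed key") from err
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # pin the algorithm, never trust the header
    if not hmac.compare_digest(sig, sign(secret, f"{header_b64}.{claims_b64}")):
        raise ValueError("bad signature")
    if not isinstance(claims, dict) or claims.get("iss") != host:
        raise ValueError("key issued for a different auth instance")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("key expired")
    return claims
```

With a JWT the host is still recoverable via `peek_host`, but only after base64-decoding the payload, so it is no longer visible at a glance in a `.env` file.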

Labels

- T25m: Time Estimate 25 Minutes
- discuss: Share your constructive thoughts on how to make progress with this issue
- documentation: Improvements or additions to documentation
- help wanted: If you can help make progress with this issue, please comment!
- priority-1: Highest priority issue. This is costing us money every minute that passes.
- question: A question needs to be answered before progress can be made on this issue
- research: Research required; be specific
- technical: A technical issue that requires understanding of the code, infrastructure or dependencies

Projects

Status

✅ Done
