I use this library https://github.com/auth0/java-jwt <https://github.com/auth0/java-jwt>
the Apple public Keys for verification are here https://appleid.apple.com/auth/keys <https://appleid.apple.com/auth/keys> Amedeo > On 2 Jun 2020, at 14:41, Jesse Tayler via Webobjects-dev > <webobjects-dev@lists.apple.com> wrote: > > > >> On Jun 1, 2020, at 9:40 PM, Ray Kiddy <r...@ganymede.org> wrote: >> >> >> Somebody comes in to the app, I get their e-mail address and sent them an >> "invite" into the app. This is exactly as secure as any password-storage >> system that uses e-mail to reset passwords > > > This means the user has to invoke a new session by getting a link in email > each time they access? > > I suppose that link cannot be shared since it expires? > > I mean it sounds interesting, I am interested in what is going on with your > suggestion. > > Just seems like sending around links that allow people to enter directly has > various dangers and complexities itself, and I wonder what the resulting > experience is and what the level of security is. > > Isn’t this technically pushing the password back to your email login and > isn’t that really no different than the O-Auth or Apple sign in? > > Apple sign in is preferable to users because it is easy and doesn’t offer > private information to the site, Facebook login seems the same but is > reversed. Facebook login is there to let Facebook see where you login and > when so it can sell that data to advertisers. > > The idea of not using passwords at all is interesting, but I’m not sure this > would be what I’m thinking about. > > I’m going to guess this is not a bank, but what sort of service uses this > email authentication and why was it implemented? > > _______________________________________________ > Do not post admin requests to the list. They will be ignored. > Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) > Help/Unsubscribe/Update your Subscription: > https://lists.apple.com/mailman/options/webobjects-dev/amedeomantica%40me.com > > This email sent to amedeomant...@me.com
_______________________________________________ Do not post admin requests to the list. They will be ignored. Webobjects-dev mailing list (Webobjects-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/webobjects-dev/archive%40mail-archive.com This email sent to arch...@mail-archive.com