#jwt_auth

Habr<p>A guide to Ktor JWT auth on the server side</p><p>The Ktor documentation for server-jwt is incomplete. If you need to do anything beyond "Hello world", you will have to dig into the source code and build workarounds. Don't expect any consistency or predictability; perhaps conspirators were involved. The article covers the essential basics of working with JWT and will save you from many pitfalls.</p><p><a href="https://habr.com/ru/articles/921076/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/921076/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/ktor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ktor</span></a> <a href="https://zhub.link/tags/backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backend</span></a> <a href="https://zhub.link/tags/kotlin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kotlin</span></a> <a href="https://zhub.link/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a> <a href="https://zhub.link/tags/%D0%B3%D0%BE%D0%B2%D0%BD%D0%BE%D0%BA%D0%BE%D0%B4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>говнокод</span></a> <a href="https://zhub.link/tags/%D0%B0%D0%B2%D1%82%D0%BE%D1%80%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>авторизация</span></a> <a href="https://zhub.link/tags/%D0%B0%D1%83%D1%82%D0%B5%D0%BD%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%86%D0%B8%D1%8F" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>аутентификация</span></a> <a href="https://zhub.link/tags/%D0%BA%D0%BE%D1%81%D1%82%D1%8B%D0%BB%D0%B8" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>костыли</span></a> <a href="https://zhub.link/tags/authorization" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>authorization</span></a> <a href="https://zhub.link/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a></p>
Mariusz<p>Day 7<br>✅ 24 test suites, 153 tests passing.</p><p>Solid coverage across service and controller layers in my modular monorepo. Strict typing (TypeScript), full DTO validation, and realistic mocks across complex relations (TypeORM).</p><p>Next: fine-tuning error handling &amp; exploring e2e strategies.</p><p><a href="https://write.as/bmariusz/24-test-suites-153-tests-passing-scaling-confidence-with-every-assertion" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">write.as/bmariusz/24-test-suit</span><span class="invisible">es-153-tests-passing-scaling-confidence-with-every-assertion</span></a></p><p><a href="https://techhub.social/tags/TypeScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TypeScript</span></a> <a href="https://techhub.social/tags/NestJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NestJS</span></a> <a href="https://techhub.social/tags/Nextjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nextjs</span></a> <a href="https://techhub.social/tags/InsuranceTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InsuranceTech</span></a> <a href="https://techhub.social/tags/Microservices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microservices</span></a> <a href="https://techhub.social/tags/monorepo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monorepo</span></a> <a href="https://techhub.social/tags/rbac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rbac</span></a> <a href="https://techhub.social/tags/codingdays" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codingdays</span></a> <a href="https://techhub.social/tags/swagger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swagger</span></a> <a href="https://techhub.social/tags/jwt" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://techhub.social/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a> <a href="https://techhub.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a></p>
Mariusz<p>Day 6<br>TL;DR: Groups, memberships, hierarchy — all dynamic now.</p><p>Released backend v0.3.0 🎉</p><p>✅ Users can belong to multiple groups with typed roles <br>✅ Groups can form hierarchical or overlapping structures <br>✅ Roles are normalized via reference types</p><p>Built with NestJS + TypeORM. Documented via Swagger.</p><p><a href="https://write.as/bmariusz/building-a-flexible-group-structure-with-nestjs-and-typeorm" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">write.as/bmariusz/building-a-f</span><span class="invisible">lexible-group-structure-with-nestjs-and-typeorm</span></a></p><p><a href="https://techhub.social/tags/TypeScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TypeScript</span></a> <a href="https://techhub.social/tags/NestJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NestJS</span></a> <a href="https://techhub.social/tags/Nextjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nextjs</span></a> <a href="https://techhub.social/tags/InsuranceTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InsuranceTech</span></a> <a href="https://techhub.social/tags/Microservices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microservices</span></a> <a href="https://techhub.social/tags/monorepo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monorepo</span></a> <a href="https://techhub.social/tags/rbac" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rbac</span></a> <a href="https://techhub.social/tags/codingdays" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codingdays</span></a> <a href="https://techhub.social/tags/swagger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swagger</span></a> <a href="https://techhub.social/tags/jwt" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://techhub.social/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a> <a href="https://techhub.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a></p>
Mariusz<p>Day 5<br>TL;DR: Continued work on backend security — role-based access is now fully wired up.</p><p>✅ Got fine-grained role-based access control fully working today.</p><p>• Roles loaded from PostgreSQL <br>• Injected into JWT during login <br>• Validated via custom `@Roles()` + `RolesGuard` <br>• Authenticated via `@UseGuards(JwtAuthGuard)` globally <br>• Introduced `@Public()` decorator to bypass guards for public endpoints <br>• Swagger supports Bearer token for testing </p><p>Took a while to get the role propagation into the token right — the key was enriching the `validateUser()` result, not just fetching data from DB.</p><p>Modular, clean, and no magic. Feels good. 👌</p><p>more on: <a href="https://write.as/bmariusz/continuation-securing-routes-with-jwt-and-role-based-access-control" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">write.as/bmariusz/continuation</span><span class="invisible">-securing-routes-with-jwt-and-role-based-access-control</span></a><br><a href="https://techhub.social/tags/CloudNative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudNative</span></a> <a href="https://techhub.social/tags/TypeScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TypeScript</span></a> <a href="https://techhub.social/tags/NestJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NestJS</span></a> <a href="https://techhub.social/tags/Nextjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nextjs</span></a> <a href="https://techhub.social/tags/InsuranceTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InsuranceTech</span></a> <a href="https://techhub.social/tags/Microservices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microservices</span></a> <a href="https://techhub.social/tags/monorepo" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>monorepo</span></a> <br><a href="https://techhub.social/tags/codingdays" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codingdays</span></a> <a href="https://techhub.social/tags/swagger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>swagger</span></a> <a href="https://techhub.social/tags/jwt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://techhub.social/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a> <a href="https://techhub.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a></p>
Mariusz<p>Day 4</p><p>TL;DR: Full Swagger docs + JWT auth with registration and login are live.</p><p>Today’s work focused on two key improvements.</p><p>1. Swagger documentation was extended across all API layers. DTOs, entities, and controllers were enriched with `@ApiTags`, `@ApiOperation`, `@ApiResponse`, and detailed `@ApiBody` annotations — including real-life examples for request bodies.</p><p>2. JWT-based authentication was implemented. A secure registration flow was added, with password hashing via bcrypt. A login endpoint now issues access tokens containing user ID, email, and roles. All logic is encapsulated using Passport strategies (local and JWT). The next step will be protecting routes with guards and role-based access.</p><p><a href="https://techhub.social/tags/CloudNative" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudNative</span></a> <a href="https://techhub.social/tags/TypeScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TypeScript</span></a> <a href="https://techhub.social/tags/NestJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NestJS</span></a> <a href="https://techhub.social/tags/Nextjs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nextjs</span></a> <a href="https://techhub.social/tags/InsuranceTech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InsuranceTech</span></a> <a href="https://techhub.social/tags/Microservices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microservices</span></a> <a href="https://techhub.social/tags/monorepo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monorepo</span></a> <br><a href="https://techhub.social/tags/codingdays" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>codingdays</span></a> <a href="https://techhub.social/tags/swagger" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>swagger</span></a> <a href="https://techhub.social/tags/jwt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://techhub.social/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a> <a href="https://techhub.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a></p>
Habr<p>Why JWT is not a panacea: a breakdown of session and security problems</p><p>JWT for sessions: convenience or headache? JSON Web Token (JWT) has gained popularity as a convenient way to authenticate and pass data between client and server. It is valued for its simplicity, stateless approach and flexibility. However, most guides cover only the advantages and forget the drawbacks. In this article we examine the main problems of using JWT to store user sessions and discuss more reliable alternatives.</p><p><a href="https://habr.com/ru/articles/884912/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/884912/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/jwt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://zhub.link/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a> <a href="https://zhub.link/tags/json_web_token" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>json_web_token</span></a> <a href="https://zhub.link/tags/%D1%81%D0%B5%D1%81%D1%81%D0%B8%D0%B8" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>сессии</span></a> <a href="https://zhub.link/tags/refresh%D1%82%D0%BE%D0%BA%D0%B5%D0%BD%D1%8B" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>refreshтокены</span></a> <a href="https://zhub.link/tags/redis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>redis</span></a> <a href="https://zhub.link/tags/api" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>api</span></a></p>
Habr<p>My take on JWT authentication in FastAPI + React</p><p>Greetings, friends! When building pet projects, the task of user authentication often comes up. It may be related to personalized page display, access settings, and so on. In this article I want to show my solution using Python, FastAPI and React.</p><p><a href="https://habr.com/ru/articles/846826/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/846826/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/python" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>python</span></a> <a href="https://zhub.link/tags/fastapi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fastapi</span></a> <a href="https://zhub.link/tags/react" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>react</span></a> <a href="https://zhub.link/tags/jwt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://zhub.link/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a></p>
Habr<p>JWT authentication with Spring Boot 3 and Spring Security 6</p><p>Moving from basic applications to more complex ones requires using Spring Security to provide security. The new version, Spring Security 6, changes some of the basic implementations, and there is very little Russian-language material on the topic. In this article we look at JWT authentication and authorization with Spring Boot 3 and Spring Security 6, to help beginner developers get oriented and start using the basic functionality of this library. The goal of this article is to show how to use JWT authentication with APIs.</p><p><a href="https://habr.com/ru/articles/784508/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/784508/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/spring" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spring</span></a> <a href="https://zhub.link/tags/spring_boot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spring_boot</span></a> <a href="https://zhub.link/tags/spring_security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>spring_security</span></a> <a href="https://zhub.link/tags/jwt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt</span></a> <a href="https://zhub.link/tags/jwt_auth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jwt_auth</span></a> <a href="https://zhub.link/tags/bearer_tokens" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bearer_tokens</span></a></p>