Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is already something in mainstream authentication applications you host yourself on your own domain. We use Keycloak. I don't know why anyone would install a JavaScript library to do this. It's not that difficult.


I wish someone would have used keycloak at my place. They decided to write it all by hand instead.


Fair. I assume you mean asymmetric key cryptography and not JWKs in particular? JOSE is a pretty good library if you need the latter and you’re already working in JS


> Fair. I assume you mean asymmetric key cryptography and not JWKs in particular?

There's some degree of confusion in your comment. JWKs is a standard to represent cryptographic keys. It is an acronym for JSON Web key set.

> JOSE is a pretty good library (...)

JOSE is a set of standards that form a framework to securely transfer claims.


We’re using JWKs.


Ah, and just the subtle crypto API to generate keys? Or are you not generating them on the client?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: