The parent comment isn't very helpful, but from what I understand people dislike JWTs because they make it hard to invalidate a session without some sort of work-around. For example, you can use 2 tokens, one short-lived and one long-lived, to get around the invalidation problem, but then you will need to occasionally validate that both tokens are still valid, and that state needs to be stored, and now you're storing some state, which is semi-contradictory to the purpose of a stateless token. Here's a more detailed write-up from another poster -- https://news.ycombinator.com/item?id=12332119
The way I understand it the only sane use for JWTs is for short-lived delegation of authorisation.
E.g. a user wants to talk to service A but access to that service requires certain privileges. Instead of authenticating with service A, the user authenticates with service B (e.g. using a long-lived conventional session mechanism that requires DB lookup), which issues a token the user can then pass to service B (which trusts service A the info is valid and needs no lookup to process the token). JWT standardises a format for that token.
Most uses of JWT in the wild however seem to be for authenticating the user of a (web) app with the backend of that same app, so the token is passed from the backend to itself (via the user). This use case is better suited for conventional session tokens.
At work we use JWT strictly within our own infrastructure, and opaque tokens for requests coming into our API gateway. This gives us a single point to check tokens are still valid, after which a JWT gets passed back to the backing service. The actual service internally can trust that the token it received is still good to use, in many cases not needing to do any further queries to get user details as they're encoded in the token.
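The gateway arrangement described in the comment above, sketched as an added example (not code from any poster in this thread): the gateway does the one stateful lookup on the opaque token and mints a short-lived HS256 JWT, which the backing service verifies with no lookup. The key, session store, TTL and function names are all constructed for illustration.

```python
import base64, hashlib, hmac, json, time

GATEWAY_KEY = b"constructed-demo-key"  # constructed; shared by gateway and backend
SESSIONS = {"opaque-abc123": {"sub": "user-42", "role": "editor"}}  # constructed store

def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64(hmac.new(GATEWAY_KEY, signing_input.encode(), hashlib.sha256).digest())

def gateway_exchange(opaque_token, now=None, ttl=60):
    """Gateway: the single stateful check. Returns an internal JWT, or None
    when the opaque token is unknown or has been revoked."""
    session = SESSIONS.get(opaque_token)
    if session is None:
        return None
    now = int(time.time()) if now is None else now
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64(json.dumps({**session, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def backend_verify(jwt, now=None):
    """Backend: no session lookup. Pins the algorithm, checks the signature
    in constant time, then checks expiry. Returns the claims or None."""
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = jwt.split(".")
        if json.loads(unb64(header)).get("alg") != "HS256":
            return None  # never let the token choose its own algorithm
        if not hmac.compare_digest(sig, sign(header + "." + claims)):
            return None
        payload = json.loads(unb64(claims))
        return payload if payload["exp"] > now else None
    except (ValueError, AttributeError, KeyError, TypeError):
        return None  # malformed token of any kind is rejected

def revoke(opaque_token):
    """Invalidate the session at the one place that holds state."""
    SESSIONS.pop(opaque_token, None)
```

Revoking the opaque token stops new JWTs from being minted, but a JWT already handed to a backend stays valid until its `exp`, so the TTL is the upper bound on how long a revoked session can still be honoured internally.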
I've found that giving IntelliJ (or Android Studio) too much memory can actually backfire. The Java process ends up using all the memory you give it, but this also results in long GC pauses past a certain point. If you're curious, turn on the memory indicator in the app with Settings -> Appearance -> Appearance -> Show memory indicator. I've found 2gb - 4gb to be the sweet spot depending on project size.
Mainly I'm devoting my free time to a native REST client in the vein of Postman or Insomnia. It's also been an excuse to learn the Qt framework and brush up on my C++ skills. So far, I've found C++ to be insane, but I quite like Qt.
One thing that concerns me about any 3rd party chat application is that it's difficult to know if my data is secure. Any thoughts on open sourcing your application?
Yes! I want to make it open source, from my experience that's the best option for all parties. Unfortunately it won't be possible to open source some parts of the app.
I'm setting up a company right now to increase trustworthiness. Like the home page says, no data will ever be shared with anyone and soon it will be possible to verify this.