Adam Huda thinktopdown

@soulmachine
soulmachine / jwt-expiration.md
Last active April 10, 2025 12:28
How to deal with JWT expiration?

First of all, please note that token expiration and revoking are two different things.

  1. Expiration only happens for web apps, not for native mobile apps, because native apps never expire.
  2. Revoking only happens when (1) users click the logout button on the website or native apps; (2) users reset their passwords; (3) users revoke their tokens explicitly in the administration panel.

1. How to handle JWT expiration

A JWT token that never expires is dangerous: if the token is stolen, then someone can always access the user's data.

Quoted from JWT RFC:

#!/usr/bin/swift
// Run: $ swift noCrashplan.swift
// Background: https://github.com/KrauseFx/overkill/issues/3#issuecomment-270505227
import Foundation
import Cocoa
import ServiceManagement
let badApps = [ "Code42 CrashPlan", "CrashPlanService", "CrashPlanLauncher", "CrashPlanWeb" ]
@kosmakoff
kosmakoff / OAuthFlowsCheatSheet.md
Created October 18, 2016 12:22
OAuth flows cheat-sheet
  • User interaction involved
    1. Authorization code
      This grant type is most appropriate for server-side web applications. After the resource owner has authorized access to their data, they are redirected back to the web application with an authorization code as a query parameter in the URL. This code must be exchanged for an access token by the client application. This exchange is done server-to-server and requires both the client_id and client_secret, preventing even the resource owner from obtaining the access token. This grant type also allows for long-lived access to an API by using refresh tokens.
    2. Implicit grant for browser-based client-side applications
      The implicit grant is the most simplistic of all flows, and is optimized for client-side web applications running in a browser. The resource owner grants access to the application, and a new access token is immediately minted and passed back to the application using a #hash fragment in the URL. The application can immediately e
@benhowes
benhowes / info.md
Last active March 22, 2021 12:49
Simple JWT decoder

Gets a JS object which contains the decoded body of the JWT. For now I am pasting this into Postman tests when I need to get JWT decoding

Important: Does not validate the token at all!

Folder Structure

Please note

While this gist has been shared and followed for years, I regret not giving more background. It was originally a gist for the engineering org I was in, not a "general suggestion" for any React app.

Typically I avoid folders altogether. Heck, I even avoid new files. If I can build an app with one 2000 line file I will. New files and folders are a pain.

@Kartones
Kartones / postgres-cheatsheet.md
Last active May 8, 2025 09:19
PostgreSQL command line cheatsheet

PSQL

Magic words:

psql -U postgres

Some interesting flags (to see all, use -h or --help depending on your psql version):

  • -E: will describe the underlying queries of the \ commands (cool for learning!)
  • -l: psql will list all databases and then exit (useful if the user you connect with doesn't have a default database, like at AWS RDS)
@mislav
mislav / aprompt.png
Last active February 11, 2024 06:40
My zsh prompt. No oh-my-zsh needed
//
// NSObject+BlockObservation.h
// Version 1.0
//
// Andy Matuschak
// [email protected]
// Public domain because I love you. Let me know how you use it.
//
#import <Cocoa/Cocoa.h>