This week our team released our third revision to the Weavy X platform: Weavy version 13.0. Though this update brought a host of small updates and optimizations, the main focus of Weavy 13 was streamlining how authentication works between apps and Weavy’s APIs.
The JWT blues
Historically, Weavy has supported Single Sign-On (SSO) in host applications through the use of JSON Web Tokens, also known as JWTs. JWTs have the benefit of being an open standard that is scalable, secure and efficient. The robust security of JWT was a cornerstone of how we have been able to make our APIs safe and secure enough to be compliant with even the most stringent security protocols.
Despite the many benefits, there were several disadvantages to our JWT-based authentication scheme, the foremost of which was its relative complexity. Not only can working with JWT be difficult for developers unfamiliar with the methodology, but incorrect configuration could lead to major security risks. These two reasons alone were motivation enough to move away from JWT.
Meet the new token
Starting with version 13, Weavy’s APIs will handle authentication using opaque access tokens. Moving to access tokens allows us to simplify the implementation of SSO while maintaining our high security standards. But don’t take our word for it:
To learn more about our new authentication system and best practices for implementation, you can visit Weavy Docs.