During the meeting, it was discussed that there are two places where the kid needs to be tracked. It was emphasized that delivering the endpoint is important and that variables should not be the only focus. It was also mentioned that a random string can be used as the kid and it doesn't necessarily need to be a specific name. The kid will be used in the future to make the GPT, but it won't include the URL. A UID function built into Zeno can be used to generate a random identifier. It was advised to keep the kid within certain length constraints. There was uncertainty regarding some elements in the sample given, such as "got this", "or is different", "use sig", "NDF", and a random number. The use of the sample for signing was confirmed as not being a big issue. NDF was explained as an expiration date or start date for key rotation. The rotation of keys was discussed as a way to enhance security. The risks associated with JWTs were mentioned, including visibility, time duration, and frequency of use. It was advised not to worry too much about rotation at the current stage but to focus on having the kid available for the tech team to use. It was suggested to introduce rotation later on and use elements like expiration and m b f. The next step discussed was providing the endpoint to set up the public key, followed by signing using the private key and generating the cookie. It was stressed to not lose track of the kid, as it needs to be referenced in the JWT and other elements. The meeting then shifted to Michael's inability to transform his data, but no solution or progress was mentioned.
(Source: Office Hours 6/6 )
Join State Change Risk-Free