item 40342020

antfie | 1 year ago

The URL contains a JWT token which is a CWE-598 security weakness of the application. Reference: https://owasp.org/www-community/vulnerabilities/Information_....

mooreds | 1 year ago

Haha, I know. As soon as I saw it, I decoded it and saw

    {
      "aud": "stratechery.passport.online",
      "azp": "HKLcS4DwShwP2YDKbfPWM1",
      "ent": {
        "uri": [
          "https://stratechery.com/2024/the-great-flattening/"
        ]
      },
      "exp": 1718188732,
      "iat": 1715596732,
      "iss": "https://api.passport.online/oauth",
      "scope": "feed:read article:read asset:read category:read entitlements",
      "sub": "WsrLyrr6qemVAgEGCjMm34",
      "use": "access"
    }

Not sure who user WsrLyrr6qemVAgEGCjMm34 is, but thanks for sharing the article with us all!

At first glance, looks like passport.online is a subscription management service: https://passport.online/

docdeek | 1 year ago

Pretty sure that Passport is Ben Thompson's (of Stratechery) own subscription management service. Not sure it is out in the world as a product yet.

glenjamin | 1 year ago

Given that the token says it only allows reading of content and assets of this particular article for 1 month, it seems like this is an intentional feature for allowing subscribers to share paywalled URLs.
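Added example, not part of the thread or any commenter's code: a Python check that flags JWTs carried in URL query strings (the CWE-598 pattern raised above) and reads the subject, scope and lifetime claims the replies reason about. The sample token is constructed from the claims quoted in the thread with a made-up header and a placeholder signature, and the `access_token` parameter name is an assumption.

```python
import base64
import json
import re
from urllib.parse import parse_qsl, urlsplit

# A JWT is three base64url segments; a compact JSON header normally encodes to "eyJ...".
JWT_RE = re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def jwts_in_url(url):
    """Report every query parameter whose value is a JWT (CWE-598)."""
    findings = []
    for name, value in parse_qsl(urlsplit(url).query):
        if not JWT_RE.match(value):
            continue
        try:
            claims = json.loads(b64url_decode(value.split(".")[1]))
        except ValueError:  # bad base64, bad UTF-8 or bad JSON
            continue
        if not isinstance(claims, dict):
            continue
        exp, iat = claims.get("exp"), claims.get("iat")
        days = (exp - iat) / 86400 if exp and iat else None
        findings.append({"param": name, "sub": claims.get("sub"),
                         "scope": str(claims.get("scope", "")).split(),
                         "lifetime_days": days})
    return findings

def sample_url():
    """Constructed sample: claims quoted in the thread, placeholder signature."""
    claims = {
        "aud": "stratechery.passport.online",
        "ent": {"uri": ["https://stratechery.com/2024/the-great-flattening/"]},
        "exp": 1718188732, "iat": 1715596732,
        "scope": "feed:read article:read asset:read category:read entitlements",
        "sub": "WsrLyrr6qemVAgEGCjMm34", "use": "access",
    }
    header = b64url_encode(json.dumps({"typ": "JWT"}).encode())  # constructed
    token = f"{header}.{b64url_encode(json.dumps(claims).encode())}.placeholder"
    # "access_token" is an assumed parameter name; the thread does not give it.
    return f"{claims['ent']['uri'][0]}?access_token={token}"

if __name__ == "__main__":
    for finding in jwts_in_url(sample_url()):
        print(finding)
```

Run over web server, proxy or referrer logs, the same function shows which subscriber identifiers and scopes are ending up in places that record full URLs.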