• 0 Posts
  • 14 Comments
Joined 2 years ago
cake
Cake day: June 12th, 2023

help-circle


  • What I mean to say is that Google isn’t invested in native android either. It’s been repeatedly strip mined by first-timers looking for a quick promotion and left to burn.

    Things got so bad that Google gave up on native Views and created Jetpack Compose, which has been a source of many complaints related to performance.

    In 2024 Flutter has instant hot-reload, and the “native” (but 100% bundled) solution still requires a complete reinstall on the device. In fact, Dart can compile to native code (or JIT) without an issue, yet Kotlin Native is barely in GA in the new compiler support has been lagging while the new compiler isn’t out of beta and is still poorly supported by tooling.

    Consider the absurdity: React Native is the only true native framework out of RN, Jetpack Compose, and Flutter. And all of this barely scratches the surface of the tooling problems that Flutter 99% avoids by allowing development on desktop, web or iOS simulator.








  • Here’s a simple approach:

    • Basic auth via a custom header, like X-Auth
    • JWT auth on Authorization header
    • uuid on the JWT (as a claim) that gets stored temporarily (until it expires) to allow the server to revoke the token

    Initial request -> server looks for Authorization header, falls back to X-Auth header -> generates JWT and sends back to client in Authorization header (or whatever makes sense)

    Subsequent request -> server looks for Authorization header -> checks JWT against revocation database/table and that it isn’t expired

    Subsequent request with expired token -> server returns 401, client retries using X-Auth header -> server sends back JWT on Authorization header -> client updates locally-stored JWT for future requests

    There are probably ways to make this more standard or optimal, but this is a simple approach.