I have a platform that I'm building. This platform is designed to be very modular, and each component manages its state. One key component of my platform is a JWT token that I have linked to a specific process and to the user that started the process. The platform is fairly large; it has multiple apps and processes. The JWT is a key component because it serves as a transport to get metadata for each process securely; it is the transport that is sent across the components.
Now, my issue: I need to have this JWT somewhere that it can be accessed all through the Flask request context. The easiest solution is to store it in the session. Now here come the problems, as you can imagine:
1. Even though the JWT has several layers of encryption and is signed, having it in session might not be the best in terms of security.
2. As the JWT is pretty big, I'm constantly reaching the header max-length, which ends up causing several issues.
One idea that I had was to create a JWTProcessManager. This class can hold all the helper and validation methods that I use on the JWT. It sounds like a good idea, but that is not my doubt.
Does anyone have any idea how I can make this JWTProcessManager accessible across the platform? We are talking about 30 files that interact with this JWT, and it is called for comparison, validation, and meta extraction in around 50 places in each file.
I thought about flask g, but I'm not sure flask g can hold an entire class obj.
Wondering if anyone has any ideas, because if not, the only thing that comes straight to mind is to import it, but that might also not be the most robust solution.
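An added example, not part of the original post: one way to keep the large JWT out of the session cookie and still reach a manager object from any module during a request. It assumes a plain HS256 token verified with the standard library (the post's encryption layers are not modelled), an in-memory `TOKEN_STORE` standing in for Redis or a database, and hypothetical names `current_jwt`, `/start` and `/meta/<key>`.

```python
import base64, hashlib, hmac, json, secrets
from flask import Flask, abort, g, jsonify, request, session
from werkzeug.local import LocalProxy

app = Flask(__name__)
app.secret_key = secrets.token_bytes(32)
JWT_KEY = b"constructed-demo-key"  # assumption: HS256 with a shared key
TOKEN_STORE = {}                   # assumption: stands in for Redis or a DB table

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def mac(head, body):  # always HMAC-SHA256; the token's own alg header is not trusted
    return hmac.new(JWT_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
def sign_token(claims):  # builds a constructed token for the demo
    head = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64(json.dumps(claims).encode())
    return f"{head}.{body}.{b64(mac(head, body))}"

class JWTProcessManager:
    """Hypothetical manager: verify once per request, then serve lookups."""
    def __init__(self, token):
        head, body, sig = token.split(".")
        if not hmac.compare_digest(mac(head, body), unb64(sig)):
            raise ValueError("bad signature")
        self.claims = json.loads(unb64(body))
    def meta(self, key):
        return self.claims.get(key)

# g accepts any Python object; other modules import current_jwt instead of g.
current_jwt = LocalProxy(lambda: g.jwt_manager)

@app.before_request
def load_manager():
    try:  # the cookie carries only the short id; the token stays server-side
        if request.endpoint != "start":
            g.jwt_manager = JWTProcessManager(TOKEN_STORE[session["pid"]])
    except (KeyError, ValueError):
        abort(401)

@app.route("/start")
def start():  # constructed entry point that issues and stores a token
    pid = session["pid"] = secrets.token_urlsafe(16)
    TOKEN_STORE[pid] = sign_token({"process": "import-job", "user": "alice"})
    return "started"

@app.route("/meta/<key>")
def read_meta(key):
    return jsonify({key: current_jwt.meta(key)})
```

The manager is rebuilt and the signature rechecked on every request, so a token altered in the store is rejected with 401 before any view runs.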