Details
- Improvement
- Status: In Progress
- Major
- Resolution: Unresolved
- 2.5.0-beta1
Description
Currently there is little to no documentation on the structure and use of security tokens in Shindig. A lot of questions come through on the dev list about security tokens and the information they contain, and we have no common set of resources to point people to. I'd like to create documentation to cover the following topics and add it to the wiki:
- The role of security tokens, both container and gadget
- What information should be in a security token
- How and when that information is used
- How to secure security tokens via encryption
- How security tokens get refreshed, both container and gadget
- Gotchas that could leave your app insecure (e.g. how tokens can be compromised and what the impact could be)
If there's any other information that should be included, feel free to leave a suggestion.