  1. Syncope
  2. SYNCOPE-1035

JWT-based access to REST services

Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.3, 2.1.0
    • Component/s: client, console, core

    Description

      Since the beginning, access to the REST services has been protected via Basic Authentication, with credentials sent along with each and every request.

      As an improvement, we can switch to an architecture where there is an explicit REST service for obtaining some sort of token (requiring credentials) and then all other REST services can be accessed by sending along such a token instead of credentials.
      This will ease future work for enabling SSO via SAML, OAuth 2.0 or other standards.

      About the token format, it seems that JSON Web Tokens are quite the default choice, especially considering the support that CXF already provides for that.
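
The flow proposed above, as an added example (not code from Syncope or CXF): one function stands in for the token service that takes credentials, the other for the check every remaining REST service performs on the token. The names `issue_token` and `verify_token`, the key, the user store and the lifetime are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"      # assumption: server-side HS256 signing key
USERS = {"alice": "correct horse"}    # constructed store; real ones hold password hashes
TTL = 300                             # assumption: token lifetime in seconds

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(username, password, now=None):
    """Token service: the only place where credentials are presented."""
    now = int(time.time()) if now is None else now
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        raise PermissionError("bad credentials")
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": username, "iat": now, "exp": now + TTL}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def verify_token(token, now=None):
    """Every other service: validate the token instead of checking credentials."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig = token.split(".")
        header = json.loads(b64d(header_b64))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token's own header pick it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig.encode(), sign(header_b64 + "." + claims_b64).encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(claims_b64))  # parsed only after the signature checks out
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

Compared with Basic Authentication, the password crosses the wire once per token lifetime rather than on every request, and a leaked token stops working at `exp`.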

            People

              Assignee: ilgrosso Francesco Chicchiriccò
              Reporter: ilgrosso Francesco Chicchiriccò