Details
- Story
- Status: Open
- Major
- Resolution: Unresolved
Description
For both app and admin users, an endpoint should exist that allows a bearer token to be validated. Its response should include the email address, username, and UUID of the user, so that identity can be validated as well as the token. For extra credit, if the username/uuid/email were passed in as part of the validation claim, then Usergrid would check the user's record and only return a 200 if the supplied info matched (ignoring case).
While it is possible to call `…/management/token` and `…/management/me`, both return a complex user object and are not appropriate for token validation given that they generate a new token every time, effectively decreasing the entropy with each validation call. (Also, this suggests that this GET request is non-idempotent as it changes the system state, even if that change is subtle.)
Alternatively, if Usergrid tokens were self-signed in a way that could be independently validated (such as a JWT), that would provide some architectural benefits when using Usergrid as an identity service beyond pure BaaS.
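As an added illustration (not Usergrid code, and not written by this issue's author), the following sketches both halves of the request: a read-only validation endpoint that returns only the identity triple and compares caller-supplied claims case-insensitively, and the self-verifying JWT alternative checked locally with HMAC-SHA256. The user records, the opaque token store, the signing key and the 401/403 status codes chosen for the failure cases are assumptions made for the example.

```python
"""Added example (not Usergrid's own code): a read-only token validation
endpoint with optional case-insensitive identity-claim matching, plus a
self-verifying HS256 JWT variant.  User records, token store, signing key
and failure status codes are constructed assumptions."""
import base64
import hashlib
import hmac
import json
import time

IDENTITY_FIELDS = ("username", "email", "uuid")

# Constructed sample data standing in for Usergrid's user and token stores.
USERS = {
    "6e5f3c2a-0b1d-4e8f-9a7b-123456789abc": {
        "uuid": "6e5f3c2a-0b1d-4e8f-9a7b-123456789abc",
        "username": "jdoe",
        "email": "JDoe@Example.com",
    },
}
# opaque token -> (user uuid, expiry as epoch seconds)
TOKEN_STORE = {"opaque-token-abc123": ("6e5f3c2a-0b1d-4e8f-9a7b-123456789abc", 4102444800)}


def identity_of(user):
    """The minimal identity payload, not the full user object."""
    return {k: user[k] for k in IDENTITY_FIELDS}


def claims_match(user, claims):
    """True only if every supplied claim equals the record ignoring case;
    an unknown claim name counts as a mismatch."""
    return all(key in IDENTITY_FIELDS and str(val).lower() == str(user[key]).lower()
               for key, val in claims.items())


def finish(user, claims):
    """403 on claim mismatch, else 200 with the identity triple.  The body never
    says which claim failed, so the endpoint cannot be used to enumerate
    usernames or e-mail addresses (status codes are an assumption)."""
    if claims and not claims_match(user, claims):
        return 403, {"error": "claim_mismatch"}
    return 200, identity_of(user)


def validate_opaque(token, claims=None, now=None):
    """Opaque-token validation: a pure lookup, so it is idempotent and never
    rotates the token the way .../management/token does."""
    now = time.time() if now is None else now
    entry = TOKEN_STORE.get(token)
    if entry is None or entry[1] <= now:
        return 401, {"error": "invalid_token"}
    return finish(USERS[entry[0]], claims)


# --- self-verifying (JWT, HS256) variant ---------------------------------

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_jwt(user, key, now, ttl=3600):
    """Mint an HS256 JWT carrying the identity triple; `key` is a shared secret."""
    def compact(obj):
        return b64url(json.dumps(obj, separators=(",", ":")).encode())
    header = compact({"alg": "HS256", "typ": "JWT"})
    payload = compact({**identity_of(user), "sub": user["uuid"], "iat": now, "exp": now + ttl})
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_jwt(token, key, now):
    """Return the payload if signature and expiry check out, else None.  Any
    party holding the key can do this without a round trip to Usergrid."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        if json.loads(b64url_decode(header_b64)).get("alg") != "HS256":
            return None                      # refuse "none" and alg confusion
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        payload = json.loads(b64url_decode(payload_b64))
        if not isinstance(payload.get("exp"), (int, float)) or payload["exp"] <= now:
            return None
    except (ValueError, TypeError, AttributeError):  # malformed base64/JSON/shape
        return None
    return payload


def validate_jwt(token, key, claims=None, now=None):
    """Same contract as validate_opaque, but no token store is consulted."""
    now = time.time() if now is None else now
    payload = verify_jwt(token, key, now)
    if payload is None or not all(f in payload for f in IDENTITY_FIELDS):
        return 401, {"error": "invalid_token"}
    return finish(payload, claims)
```

Because `validate_opaque` only reads the store, repeated calls return the same answer and change nothing, which is the idempotence the `…/management/token` round trip lacks; `verify_jwt` shows why a signed token removes the lookup entirely, provided the verifier pins the algorithm and checks expiry. The mismatch response deliberately omits which claim failed, so a validation endpoint does not double as a username or e-mail enumeration oracle.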