Posted to dev@syncope.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2017/03/02 10:58:45 UTC

[jira] [Commented] (SYNCOPE-1035) JWT-based access to REST services

    [ https://issues.apache.org/jira/browse/SYNCOPE-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15892063#comment-15892063 ] 

ASF subversion and git services commented on SYNCOPE-1035:
----------------------------------------------------------

Commit 521f51a9dd2face373ed7437837a8de82a609675 in syncope's branch refs/heads/2_0_X from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=521f51a ]

[SYNCOPE-1035] Using JWT as authentication means, obtained via initial call


> JWT-based access to REST services
> ---------------------------------
>
>                 Key: SYNCOPE-1035
>                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
>             Project: Syncope
>          Issue Type: New Feature
>          Components: client, console, core
>            Reporter: Francesco Chicchiriccò
>            Assignee: Francesco Chicchiriccò
>              Labels: rest
>             Fix For: 2.0.3, 2.1.0
>
>
> Since the beginning, access to the REST services has been protected via Basic Authentication, with credentials sent along with each and every request.
> As an improvement, we can switch to an architecture where there is an explicit REST service for obtaining some sort of token (requiring credentials), and then all other REST services can be accessed by sending along such a token instead of credentials.
> This will ease future work on enabling SSO via SAML, OAuth 2.0 or other standards.
> About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are quite the default choice, especially considering the support that CXF already provides for that.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)