syncope-dev mailing list archives

From Francesco Chicchiriccò (JIRA) <j...@apache.org>
Subject [jira] [Created] (SYNCOPE-1035) JWT-based access to REST services
Date Tue, 28 Feb 2017 16:51:45 GMT
Francesco Chicchiriccò created SYNCOPE-1035:
-----------------------------------------------

             Summary: JWT-based access to REST services
                 Key: SYNCOPE-1035
                 URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
             Project: Syncope
          Issue Type: New Feature
          Components: client, console, core
            Reporter: Francesco Chicchiriccò
            Assignee: Francesco Chicchiriccò
             Fix For: 2.0.3, 2.1.0


Since the beginning, access to the REST services has been protected via Basic Authentication, with
credentials sent along with each and every request.

As an improvement, we can switch to an architecture where there is an explicit REST service for
obtaining some sort of token (requiring credentials) and then all other REST services can
be accessed by sending along such a token instead of credentials.
This will ease future work on enabling SSO via SAML, OAuth 2.0 or other standards.

About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are quite the default
choice, especially considering the support that CXF already provides for that.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
