syncope-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: Obtain JWT token
Date Tue, 13 Jun 2017 15:28:59 GMT
On 13/06/2017 17:25, Colm O hEigeartaigh wrote:
> Thanks Francesco, I will take care of that.

Cool :-)

> Another question - do we have tests (e.g. bad signature, untrusted signature, token expired
etc.)?

No, we don't have specific tests for that: since we're using CXF 
libraries for parse and generation, I thought it was not necessary, but 
feel free to add.

Regards.

> On Tue, Jun 13, 2017 at 4:21 PM, Francesco Chicchiriccò <ilgrosso@apache.org>
wrote:
>
>> On 13/06/2017 17:17, Colm O hEigeartaigh wrote:
>>
>>> Hi all,
>>>
>>> The docs state that "X-Syncope-Token is returned on response to successful
>>> authentication
>>> <https://syncope.apache.org/docs/reference-guide.html#rest-
>>> authentication-and-authorization>,
>>> and contains the unique signed JSON Web Token
>>> <https://en.wikipedia.org/wiki/JSON_Web_Token> identifying the
>>> authenticated user".
>>>
>>> However with, e.g. curl -I -u alice:security
>>> http://localhost:8080/syncope/rest/users/self I don't see the
>>> X-Syncope-Token header being returned (Syncope 2.0.4-SNAPSHOT).
>>>
>>> Do I need to explicitly configure returning the token or am I missing
>>> something else?
>>>
>> The endpoint for obtaining the JWT is
>>
>> POST /accessTokens/login
>>
>> Maybe it is an idea to add an example to that section in the docs.
>>
>> Regards.

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/


Mime
View raw message