This repository has been archived by the owner on Jan 20, 2024. It is now read-only.
The current token service issues JWT tokens as part of the OAuth 2.0 specification to support API security. In the microservices architecture, there are some requirements to transfer information in a way that can guarantee the information is not changed in a chain of pass-through services. This is a very suitable use case for JWT signing. The provider sends a JSON object to a service, gets a JWT token out of it, and sends it to a chain of microservices; the consumer can then verify that nothing has been changed in the content of the token by verifying the token signature.
In the light platform, it is natural to provide an extra endpoint in the light-oauth2 token service to sign a JWT with the passed-in JSON payload. Also, we can provide a middleware handler to verify the token and put the payload into the exchange at the consumer service to allow business logic based on the token payload.
A new endpoint will be added to the token service as /oauth2/signing.
This is a POST method and the request body will be JSON.
The payload is part of the body.
An expiration date must be part of the body to control the JWT expiration.
A default expiration should be set if there is no input from the body. 10 minutes?
The format is a standard JWT in which the claim is the JSON payload.
The scope is not part of it as it is not a security token so that it won't be confused as a security token.