Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

inject secret for jwt at deployment #7

Closed
volodymyrss opened this issue Feb 23, 2021 · 2 comments
Closed

inject secret for jwt at deployment #7

volodymyrss opened this issue Feb 23, 2021 · 2 comments
Assignees
@volodymyrss
Labels
deployment
Milestone
v21.10

Comments

@volodymyrss
Copy link
Member

No description provided.

@volodymyrss volodymyrss self-assigned this Feb 23, 2021
@volodymyrss volodymyrss mentioned this issue Feb 24, 2021
Closed
@burnout87
Copy link

burnout87 commented Mar 12, 2021
edited
Loading

Does this imply that the same secret will be used for the encoding of the token across all users?

And, taking a look at the configuration of the frontend (here) the secret can be stored within the DB

@volodymyrss
Copy link
Member Author

Yes, in a given platform deployment, one secret can be used for specific communication channel.
we could also use it both for API and frontend since they work in the same way.

Technically token is not encoded with secret, it is signed.
Token itself is encoded with base64 - you can also just decode it with bas64 module.
Or you can decode it with pyjwt and not verify. at least as an option - also for tests.

@burnout87 burnout87 mentioned this issue Mar 15, 2021
Merged
@volodymyrss volodymyrss added this to the v21.05 milestone Apr 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@volodymyrss volodymyrss

Labels
deployment
Projects
None yet
Milestone
v21.10
Development

No branches or pull requests
2 participants
@burnout87 @volodymyrss