One-time token authentication #70
Comments
|
I noticed that the ticket-based authentication has been removed from the AP. I currently have projects that use this with JWT (which I think is a great fit for this). Is this something that will be coming back to the spec? |
|
Oh, this is a bug! Seems I accidentally dropped it during my recent refactorings .. thanks for notice! |
|
Great! Thanks. |
|
This looks like it requires authid be set by the client: "The HELLO.Options.authid|string is the authentication ID (e.g. username) the client wishes to authenticate as. For Ticket-based authentication, this MUST be provided." When we originally implemented this we were referencing the persona example which set authid on the welcome. I do see you referencing this feature here: Should I open an issue on the spec about this? |
|
Persona-based authentication used This is all not yet completely sorted out, so you might of course file an issue and ideally work on proposals and how to get this all into a cohesive design. Probably both scenarios are valid for ticket based auth: client providing auth ID plus ticket, or only ticket and auth ID being assigned. Would be best to have a list of concrete use cases for this auth method first. |
|
@mbonneau actually, So you could provide an empty string in In above issue crossbario/crossbar#232 @Paranaix was asking for being able to set effective Not sure, does above make sense? Need more text in the spec? |
|
Thanks for the reply. This makes sense. |
|
sufficiently described IMO (as part of WAMP-Ticket based authentication) |
Design and then describe "one-time token" based WAMP authentication in the "WAMP Advanced Profile" specification.
Connected issues:
The text was updated successfully, but these errors were encountered: