[ https://issues.apache.org/jira/browse/SYNCOPE-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15892064#comment-15892064 ]
ASF subversion and git services commented on SYNCOPE-1035:
----------------------------------------------------------

Commit 32af0320d9d426bb34fc5a69287b5e19a0630ad3 in syncope's branch refs/heads/master from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=32af032 ]

[SYNCOPE-1035] Using JWT as authentication means, obtained via initial call

> JWT-based access to REST services
> ---------------------------------
>
> Key: SYNCOPE-1035
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
> Project: Syncope
> Issue Type: New Feature
> Components: client, console, core
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Labels: rest
> Fix For: 2.0.3, 2.1.0
>
>
> Since the beginning, access to the REST services is protected via Basic
> Authentication, with credentials sent along with each and every request.
> As an improvement, we can switch to an architecture where there is an explicit
> REST service for obtaining some sort of token (requiring credentials) and
> then all other REST services can be accessed by sending along such a token
> instead of credentials.
> This will ease future work for enabling SSO via SAML, OAuth 2.0 or other
> standards.
> About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are
> quite the default choice, especially considering the support that CXF already
> provides for that.

--
This message was sent by Atlassian JIRA (v6.3.15#6346)