[ https://issues.apache.org/jira/browse/SYNCOPE-1035?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15894045#comment-15894045 ]
ASF subversion and git services commented on SYNCOPE-1035:
----------------------------------------------------------
Commit 86a2a4ebe4d08d8d6053f88c860b55f40606c826 in syncope's branch
refs/heads/2_0_X from [~ilgrosso]
[ https://git-wip-us.apache.org/repos/asf?p=syncope.git;h=86a2a4e ]
[SYNCOPE-1035] Some documentation
> JWT-based access to REST services
> ---------------------------------
>
> Key: SYNCOPE-1035
> URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
> Project: Syncope
> Issue Type: New Feature
> Components: client, console, core
> Reporter: Francesco Chicchiriccò
> Assignee: Francesco Chicchiriccò
> Labels: rest
> Fix For: 2.0.3, 2.1.0
>
>
> Since the beginning, access to the REST services has been protected via Basic
> Authentication, with credentials sent along with each and every request.
> As an improvement, we can switch to an architecture where there is an explicit
> REST service for obtaining some sort of token (requiring credentials) and
> then all other REST services can be accessed by sending along such a token
> instead of credentials.
> This will ease future work for enabling SSO via SAML, OAuth 2.0 or other
> standards.
> About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are
> quite the default choice, especially considering the support that CXF already
> provides for that.