Francesco Chicchiriccò created SYNCOPE-1035:
-----------------------------------------------
Summary: JWT-based access to REST services
Key: SYNCOPE-1035
URL: https://issues.apache.org/jira/browse/SYNCOPE-1035
Project: Syncope
Issue Type: New Feature
Components: client, console, core
Reporter: Francesco Chicchiriccò
Assignee: Francesco Chicchiriccò
Fix For: 2.0.3, 2.1.0

Since the beginning, access to the REST services has been protected via Basic
Authentication, with credentials sent along with each and every request.
As an improvement, we can switch to an architecture where there is an explicit
REST service for obtaining some sort of token (requiring credentials) and then
all other REST services can be accessed by sending along such a token instead of
credentials.
This will ease future work for enabling SSO via SAML, OAuth 2.0 or other
standards.
About the token format, it seems that [JSON Web Tokens|https://jwt.io/] are
quite the default choice, especially considering the support that CXF already
provides for that.
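
The flow proposed in this issue, as an added example that is not Syncope or CXF code: credentials are presented once to a token service, and every other service accepts only the signed, expiring token. The names `login`, `authenticate`, `SECRET` and `USERS`, the HS256 algorithm and the 300-second lifetime are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"      # assumption: HS256 key held only by the server
USERS = {"rossini": "password"}       # constructed credential store, demo only

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def login(username, password, ttl=300, now=None):
    """Hypothetical token service: the only call that ever sees credentials."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": username, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def authenticate(token, now=None):
    """Any other service: return the subject, or None if the token is rejected."""
    try:
        header_b64, claims_b64, sig = token.split(".")
        # Check the signature before trusting any field. The algorithm is fixed
        # server-side and never chosen from the token's own header.
        if not hmac.compare_digest(sig, sign(f"{header_b64}.{claims_b64}")):
            return None
        header = json.loads(b64d(header_b64))
        claims = json.loads(b64d(claims_b64))
    except (ValueError, TypeError, AttributeError):
        return None                   # malformed token: wrong shape, bad base64/JSON
    if header.get("alg") != "HS256":
        return None
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None                   # expired, or no usable expiry claim
    return claims.get("sub")
```

A captured token stays usable until `exp`, so the lifetime chosen at issue time bounds the exposure window that Basic Authentication leaves open for as long as the password is unchanged.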