On 13/06/2017 17:25, Colm O hEigeartaigh wrote:
Thanks Francesco, I will take care of that.

Cool :-)

Another question - do we have tests (e.g. bad signature, untrusted signature, 
token expired etc.)?

No, we don't have specific tests for that: since we're using CXF libraries for parsing and generation, I thought it was not necessary, but feel free to add.

Regards.

On Tue, Jun 13, 2017 at 4:21 PM, Francesco Chicchiriccò <[email protected]> 
wrote:

On 13/06/2017 17:17, Colm O hEigeartaigh wrote:

Hi all,

The docs state that "X-Syncope-Token is returned on response to successful
authentication
<https://syncope.apache.org/docs/reference-guide.html#rest-authentication-and-authorization>,
and contains the unique signed JSON Web Token
<https://en.wikipedia.org/wiki/JSON_Web_Token> identifying the
authenticated user".

However with, e.g. curl -I -u alice:security
http://localhost:8080/syncope/rest/users/self I don't see the
X-Syncope-Token header being returned (Syncope 2.0.4-SNAPSHOT).

Do I need to explicitly configure returning the token or am I missing
something else?

The endpoint for obtaining the JWT is

POST /accessTokens/login

Maybe it is an idea to add an example to that section in the docs.

Regards.

--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/
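
The negative cases asked about in this thread (bad signature, untrusted signature, token expired), as an added example that is not part of the original messages and is not Syncope or CXF code. It assumes an HS256 token with a shared key; the key, clock value, claims and helper names are constructed for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-test-key"   # constructed sample values, not from Syncope
NOW = 1_497_370_000             # fixed clock so the results are reproducible

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign(claims: dict, key: bytes) -> str:  # hypothetical helper for the test tokens
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps(claims).encode())
    return f"{head}.{body}.{b64u(mac(head + '.' + body, key))}"

def verify(token: str, key: bytes, now: float) -> dict:
    """Return the claims or raise ValueError naming why the token is rejected."""
    try:
        head, body, sig = token.split(".")
        header, sig_bytes = json.loads(b64u_dec(head)), b64u_dec(sig)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never trust the token's own alg
    if not hmac.compare_digest(mac(head + "." + body, key), sig_bytes):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body))  # parsed only after the MAC checks out
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired")
    return claims

def outcome(token: str) -> str:
    try:
        return "accepted for " + verify(token, KEY, NOW)["sub"]
    except ValueError as exc:
        return str(exc)

def run_cases() -> dict:
    good = sign({"sub": "alice", "exp": NOW + 300}, KEY)
    head, _, sig = good.split(".")
    forged_body = b64u(json.dumps({"sub": "admin", "exp": NOW + 300}).encode())
    return {
        "valid": outcome(good),
        "tampered payload": outcome(f"{head}.{forged_body}.{sig}"),
        "untrusted key": outcome(sign({"sub": "alice", "exp": NOW + 300}, b"other-key")),
        "expired": outcome(sign({"sub": "alice", "exp": NOW - 1}, KEY)),
    }
```

With an HMAC algorithm a token signed by an untrusted party is indistinguishable from a tampered one, so both cases are rejected as a bad signature.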
