Jacques Le Roux commented on OFBIZ-9833:

Hi Jacopo,

I made an architectural mistake.

My mistake was to test locally when I was using a plain request in the form. 
Because as soon as you turn to another domain the token is not generated 
locally but on the target server. What misleaded me was that as long as you had 
an autoUserLoginId cookie on the target server it would work.  So IMO we have 
to do it on the client side with an Ajax request and I'm working on it. I will 
then revert my work (I still need some part and will change but keep them, 
notably the preprocessor). If I get it working with Ajax I'll put a new patch 

> Token Based Authentication
> --------------------------
>                 Key: OFBIZ-9833
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-9833
>             Project: OFBiz
>          Issue Type: New Feature
>          Components: framework
>            Reporter: Deepak Dixit
>            Assignee: Deepak Dixit
>            Priority: Major
>         Attachments: JSON Web Tokens.pdf, OFBIZ-9833-JWTManager.patch, 
> OFBIZ-9833-external-server-test-example.patch, 
> OFBIZ-9833-external-server-test-example.patch, 
> OFBIZ-9833-external-server.patch, OFBIZ-9833-external-server.patch, 
> OFBIZ-9833-external-server.patch, Token Based Authentication in Apache 
> OfBiz.pdf, Token Based Authentication.pdf, rfc7519.pdf
> Here is dev list discussion for token based authentication work:
> http://markmail.org/message/vyskeh2wujqpkbwg

This message was sent by Atlassian JIRA

Reply via email to