On 02/12/2016 12:50 AM, Blaise Laflamme wrote:

> The token is just a claim so I wouldn't rely on its encoded
> information to provide access level to your app. Anything about the
> user could change at any moment, so the token won't be up to date and
> will cause you more problems than you would try to solve

ISTM that relying on the token claims makes sense in SSO environments where the identity provider is the authoritative source for that information (the pyramid app might not even have any other way to get at it), and mints the token with some guarantee of "freshness" for it.

Tres.
--
===================================================================
Tres Seaver +1 540-429-0999 [email protected]
Palladion Software "Excellence by Design" http://palladion.com
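The trade-off discussed in this message, as an added example that is not part of the original thread or of any Pyramid package: role claims are accepted only when the token verifies, names the trusted identity provider, and was minted recently enough. The issuer URL, the `roles` claim name, the 300-second window, and the use of a shared-secret HS256 signature are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

TRUSTED_ISSUER = "https://idp.example.test"  # assumed IdP identifier
MAX_CLAIM_AGE = 300  # assumed freshness window for authorization claims, seconds

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _sign(head, body, key):
    return hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()

def mint(claims, key):
    """Constructed stand-in for the IdP: emits an HS256-signed compact token."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_sign(head, body, key))}"

def roles_from_token(token, key, now):
    """Return the roles claim only if the token is authentic and fresh, else None."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64d(head))
        # Pin the algorithm; never let the token choose how it is verified.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        if not hmac.compare_digest(_sign(head, body, key), _b64d(sig)):
            return None
        claims = json.loads(_b64d(body))  # parsed only after the signature checks out
    except ValueError:
        return None  # malformed segment count, base64, or JSON
    if not isinstance(claims, dict) or claims.get("iss") != TRUSTED_ISSUER:
        return None
    iat, exp = claims.get("iat"), claims.get("exp")
    if not all(isinstance(v, (int, float)) for v in (iat, exp)):
        return None
    # An unexpired token can still carry stale roles, so bound its age separately.
    if now >= exp or iat > now or now - iat > MAX_CLAIM_AGE:
        return None
    roles = claims.get("roles")
    return roles if isinstance(roles, list) else None
```

A `None` result means the application should fall back to its own lookup or send the user back to the identity provider rather than trust the embedded roles.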
