Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tokenauth #56

Open
djthorpe opened this issue May 29, 2024 · 0 comments
Open

tokenauth #56

djthorpe opened this issue May 29, 2024 · 0 comments

Comments

@djthorpe
Copy link
Member

Create middleware to validate API tokens (Bearer) against an interface

  • Middleware gets JWT and a secret from the interface, and scope from the route ("permissable scope")
  • Interface provides a secret to validate the a JWT, or empty string
  • Checks against JWT using secret - if token is valid and route scope is in token scopes, skip the interface, get parameters
  • Otherwise, Interface takes a token and optionally a scope, returns all the parameters and all allowed scopes, or
  • Not Authorized if the scope is not allowed
  • Call the child method
  • After child method, store parameters and scope in JWT with the secret and pass as a cookie back to the client

The interface can store API key against parameters and allowed scopes. Interface should probably update the "last accessed date" against a token

Check for API revoke, secret revoke
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@djthorpe