Public key auth for JWTs #89

Closed
greenape opened this issue Oct 10, 2018 · 0 comments · Fixed by #864
Labels: enhancement, FlowAPI, FlowAuth, security

Comments

@greenape
Member

Per https://blog.miguelgrinberg.com/post/json-web-tokens-with-public-key-signatures via @maxalbert, we'd be better off using a public key solution for the JWTs as opposed to the current shared secrets.

Should -

  • Allow supplying public/private key to auth manager
  • Maybe support generating a key pair inside the auth manager
  • Provide a mechanism to get the public key from the auth manager
  • Make use of the aud key in the JWT to ensure that tokens are valid only on specific servers

greenape transferred this issue from another repository Nov 26, 2018
greenape added the enhancement, FlowAuth, FlowAPI and security labels Nov 26, 2018
greenape mentioned this issue May 9, 2019 (3 tasks)
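
A sketch of the scheme the issue asks for, added here as an example (it is not FlowKit's code and not taken from the linked post): the issuer signs with an RSA private key, and the API holds only the public key, pins RS256 and rejects tokens whose `aud` names a different server. It assumes the PyJWT and cryptography packages; the function names and audience strings are hypothetical.

```python
# Added example: function names and audience values are illustrative assumptions.
import datetime

import jwt  # PyJWT
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa


def generate_key_pair():
    """Create an RSA key pair; only the public PEM ever leaves the issuer."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    public_pem = private_key.public_key().public_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    return private_key, public_pem


def issue_token(private_key, user, audience, lifetime_s=300):
    """Issuer side: sign with the private key and bind the token to one server."""
    now = datetime.datetime.now(datetime.timezone.utc)
    claims = {
        "sub": user,
        "aud": audience,
        "iat": now,
        "exp": now + datetime.timedelta(seconds=lifetime_s),
    }
    return jwt.encode(claims, private_key, algorithm="RS256")


def verify_token(token, public_pem, expected_audience):
    """API side: public key only. Returns the claims, or None if invalid."""
    try:
        return jwt.decode(
            token,
            public_pem,
            algorithms=["RS256"],        # never take the algorithm from the token
            audience=expected_audience,  # a missing or different aud is rejected
            options={"require": ["exp", "aud"]},
        )
    except jwt.InvalidTokenError:
        return None
```

Unlike the shared-secret setup, a server that can run `verify_token` cannot mint tokens, because it never sees the private key.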