comparison doc/rest.txt @ 7361:bc6bcffbed2a
rewrite JWT future to use refresh tokens.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 16 May 2023 11:58:56 -0400 |
| parents | fc88c66eb73b |
| children | f53de10ea8ea |
| 7360:1fe17a659f39 | 7361:bc6bcffbed2a |
|---|---|
| 2055 username/password authentication. | 2055 username/password authentication. |
| 2056 | 2056 |
| 2057 Currently use of JWTs an experiment. If this appeals to you consider | 2057 Currently use of JWTs an experiment. If this appeals to you consider |
| 2058 providing patches to existing code to: | 2058 providing patches to existing code to: |
| 2059 | 2059 |
| 2060 1. record all JWTs created by a user | 2060 1. create long lived refresh tokens |
| 2061 2. using the record to allow JWTs to be revoked and ignored by the | 2061 2. record all refresh tokens created by a user |
| 2062 roundup core | 2062 3. using the record to allow refresh tokens to be revoked and |
| 2063 3. provide a UI page for managing/revoking JWTs | 2063 ignored by the roundup core |
| 2064 4. provide a rest api for revoking JWTs | 2064 4. provide a UI page for managing/revoking refresh tokens |
| 2065 5. provide a rest api for revoking refresh tokens | |
| 2065 | 2066 |
| 2066 These end points can be used like:: | 2067 These end points can be used like:: |
| 2067 | 2068 |
| 2068 curl -u demo -s -X POST -H "Referer: https://.../demo/" \ | 2069 curl -u demo -s -X POST -H "Referer: https://.../demo/" \ |
| 2069 -H "X-requested-with: rest" \ | 2070 -H "X-requested-with: rest" \ |
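Review bot: the new list at lines 2060-2065 covers creating, recording and revoking refresh tokens but has no item for how a refresh token is exchanged for an access JWT or how long that JWT lives. Revoking a refresh token (item 3) only limits exposure if the JWTs issued from it are short lived, so I would add an item for exchanging a refresh token for a short-lived JWT and say that the revocation record is checked at that exchange. Two wording points while this paragraph is being touched: item 3 should read "use the record to allow refresh tokens to be revoked" to match the imperative form of the other items, and the unchanged line 2057 is missing a verb ("Currently use of JWTs is an experiment").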
