
Session tokens must always contain clientId, userId (if any) and the list of allowed permissions #68

Open
ferjm opened this issue Jan 23, 2017 · 0 comments

ferjm commented Jan 23, 2017

Right now we are generating two kinds of session tokens:

  • For the admin user, with a payload like:
{
  "id": "admin",
  "scope": "admin"
}
  • For regular users, with a payload like:
{
  "id": {
    "opaqueId": "facebook_id",
    "provider": "facebook",
    "clientKey": "02e9c7"
  },
  "scope": "user"
}

Session tokens must always contain a client key and a list of allowed permissions, and may or may not have a user associated. So we should end up with:

  • Anonymous session tokens:
{ 
  "clientId": "1234567890987654321",
  "scopes": ["sensorthings"]
}
  • User session tokens:
{
  "clientId": "1234567890987654321",
  "userId": {
    "opaqueId": "facebook_id",
    "idp": "facebook"
  },
  "scopes": ["sensorthings"]
}

The list of permissions is TBD in #53.
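
A check for the payload shape proposed in the issue above, as an added example that is not part of the original issue or the sensorweb-server code. The function name `validateSessionPayload`, its error strings, and the rule that `scopes` must be non-empty are assumptions; the sample payloads are the ones shown in the issue.

```javascript
// Added example (hypothetical helper, not project code): accept only the new
// token payload shape and reject the legacy "id"/"scope" payloads.
const isNonEmptyString = (v) => typeof v === 'string' && v.length > 0;

function validateSessionPayload(payload) {
  if (payload === null || typeof payload !== 'object' || Array.isArray(payload)) {
    return { valid: false, errors: ['payload must be an object'] };
  }
  const errors = [];
  // Legacy fields must not be silently honoured alongside the new ones.
  for (const legacy of ['id', 'scope']) {
    if (Object.prototype.hasOwnProperty.call(payload, legacy)) {
      errors.push(`legacy field "${legacy}" is not allowed`);
    }
  }
  if (!isNonEmptyString(payload.clientId)) {
    errors.push('clientId is required');
  }
  // Assumption: an empty permission list is rejected (fail closed).
  if (!Array.isArray(payload.scopes) || payload.scopes.length === 0 ||
      !payload.scopes.every(isNonEmptyString)) {
    errors.push('scopes must be a non-empty array of strings');
  }
  // userId is optional: its absence means an anonymous session.
  const anonymous = payload.userId === undefined;
  if (!anonymous) {
    const u = payload.userId;
    if (u === null || typeof u !== 'object' ||
        !isNonEmptyString(u.opaqueId) || !isNonEmptyString(u.idp)) {
      errors.push('userId must contain opaqueId and idp');
    }
  }
  return { valid: errors.length === 0, anonymous, errors };
}

// Payloads copied from the issue text.
const samples = {
  anonymous: { clientId: '1234567890987654321', scopes: ['sensorthings'] },
  user: {
    clientId: '1234567890987654321',
    userId: { opaqueId: 'facebook_id', idp: 'facebook' },
    scopes: ['sensorthings'],
  },
  legacyAdmin: { id: 'admin', scope: 'admin' },
};

for (const [name, payload] of Object.entries(samples)) {
  console.log(name, JSON.stringify(validateSessionPayload(payload)));
}
```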

@ferjm ferjm added this to the Sprint 6 milestone Jan 23, 2017
@ferjm ferjm self-assigned this Jan 23, 2017
@ferjm ferjm modified the milestones: Sprint 7, Sprint 6 Jan 30, 2017
ferjm added a commit to ferjm/sensorweb-server that referenced this issue Feb 1, 2017
…tId, userId (if any) and the list of allowed permissions
ferjm added a commit to ferjm/sensorweb-server that referenced this issue Feb 1, 2017
…tId, userId (if any) and the list of allowed permissions
ferjm added a commit to ferjm/sensorweb-server that referenced this issue Feb 1, 2017
…tKey, userId (if any) and the list of allowed permissions