1701-jan09-java / interview-evaluations

Interview Evaluations Microservice
MIT License

Implement security #43

Open Fayeredd opened 7 years ago

Fayeredd commented 7 years ago

Utilizing Spring Security and a separate database for storing users, implement a secure access feature.

tjkemper commented 7 years ago

Look into JWT

tjkemper commented 7 years ago

API doesn't need a login feature

Fayeredd commented 7 years ago

Thanks Taylor :p

tjkemper commented 7 years ago

I think a good direction is to require every request to have a JWT.

More specifically it'll be a JWS that is signed by a secret that our API knows (but not the client who sends the request).

Once we have that, we can talk about standardizing the payload of the JWT. What claims do we want, how does that change which endpoints are allowed, etc.
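
Added example (not part of the thread and not this project's code): a JDK-only sketch of the per-request check described in the last comment, verifying a compact JWS signed with a secret that only the API side holds. The HS256 choice, the exact-header pinning, the class and method names, the secret and the sample claims are all assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Base64;

// Added illustration: HS256 JWS check with a server-side secret (all names hypothetical).
public class JwsCheck {
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    // Assumption: this is the only protected header accepted, which rejects "alg":"none" and algorithm swaps.
    private static final String HEADER =
            ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));

    private static byte[] hmac(byte[] secret, String signingInput) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(signingInput.getBytes(StandardCharsets.UTF_8));
    }

    // Issuer side: whoever holds the secret produces header.payload.signature.
    static String sign(byte[] secret, String payloadJson) throws GeneralSecurityException {
        String input = HEADER + "." + ENC.encodeToString(payloadJson.getBytes(StandardCharsets.UTF_8));
        return input + "." + ENC.encodeToString(hmac(secret, input));
    }

    // API side: returns the payload JSON if the signature is valid, otherwise null.
    static String verify(byte[] secret, String token) throws GeneralSecurityException {
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3 || !parts[0].equals(HEADER)) return null;
        byte[] presented;
        try {
            presented = DEC.decode(parts[2]);
        } catch (IllegalArgumentException e) {
            return null; // signature segment is not valid base64url
        }
        byte[] expected = hmac(secret, parts[0] + "." + parts[1]);
        if (!MessageDigest.isEqual(expected, presented)) return null; // constant-time compare
        return new String(DEC.decode(parts[1]), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] secret = "constructed-demo-secret-32-bytes!".getBytes(StandardCharsets.UTF_8);
        String token = sign(secret, "{\"sub\":\"trainer-1\",\"exp\":4102444800}"); // constructed claims
        System.out.println(verify(secret, token));       // case: valid token
        System.out.println(verify(secret, token + "x")); // case: tampered signature
        System.out.println(verify("another-secret".getBytes(StandardCharsets.UTF_8), token)); // case: wrong key
    }
}
```

The payload is returned only after the signature check passes, so claim checks such as expiry or endpoint permissions would run on the verified JSON once the payload format is agreed.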