Background
We offer
user token generation endpoint at POST /token/generate
matching public key generation at GET /token/public-key
To people unfamiliar, it may not be directly apparent how these two things relate to each other and how to practically use them.
Feature
Let's create a documentation section where the actual steps are outlined and commented:
1. use POST /token/generate with credentials to obtain JWT for a user
2. show what it contains (unbase64), perhaps comment on the validity and other fields
3. show how to get a public key (GET /token/public-key) and how it is used to verify the content of JWT (mimic https://blog.miguelgrinberg.com/post/json-web-tokens-with-public-key-signatures and perhaps even directly link it or a similar source for more info)
Thanks @jakipatryk for suggesting it. 🙇♂️
Extra: to be done here or create another issue+PR: describe the JWKs endpoint and its usage
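
A sketch of steps 2 and 3, added here as an illustration and not taken from the project's code or documentation: it decodes a JWT's segments and verifies the signature with a public key using only the Python standard library. It assumes the tokens are signed with RS256 (as in the linked blog post) and that the public key is already available as modulus `n` and exponent `e`; the response format of GET /token/public-key is not described in this issue, and `sign_rs256`, the demo key and the sample claims are constructed stand-ins for the server side.

```python
import base64, hashlib, hmac, json

SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DER DigestInfo, RFC 8017 9.2

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def emsa_pkcs1_v15(message: bytes, k: int) -> bytes:
    """Expected padded block: 00 01 FF..FF 00 || DigestInfo || SHA-256(message)."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_rs256(token: str, n: int, e: int, now: int) -> dict:
    """Return the claims if signature and expiry check out, else raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
        alg, exp = header["alg"], int(claims.get("exp", 0))  # missing exp counts as expired
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if alg != "RS256":  # pin the algorithm; never let the token header choose it
        raise ValueError("unexpected alg")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        raise ValueError("bad signature size")
    expected = emsa_pkcs1_v15(f"{head_b64}.{body_b64}".encode(), k)
    if not hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), expected):
        raise ValueError("signature mismatch")
    if exp <= now:
        raise ValueError("token expired")
    return claims

# Constructed demo key built from two Mersenne primes: trivially factorable, never use it.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sign_rs256(claims: dict) -> str:
    """Stand-in for the server side of POST /token/generate (RS256 is an assumption)."""
    head = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15(f"{head}.{body}".encode(), k), "big")
    return f"{head}.{body}." + b64url_encode(pow(em, D, N).to_bytes(k, "big"))
```

In a real client a maintained library such as PyJWT would do the verification; the point here is that the payload is only base64url-encoded, so anyone can read it, while only the holder of the private key can produce a signature that the public key accepts.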