Interfaces/Clients will make requests to services. Those clients may include an Authorization header with their request which contains an encoded TPEN User and roles. TPEN services need to be able to process a user and their roles from requests with an Authorization header.
Make a module specifically for processing JWTs. The module should be able to return a TPEN User JSON object after processing good JWTs. It should gracefully fail for bad JWTs.
Note that it is not this module's job to determine whether a user is logged in or has an active session.
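A sketch of such a module for Node.js, added here as an illustration and not TPEN's own code. It assumes HS256-signed tokens, a shared secret, and hypothetical `sub` and `roles` claims, none of which the text above specifies.

```javascript
// Added example. HS256, the shared secret and the claim names (sub, roles) are assumptions.
const crypto = require("node:crypto");

const b64urlJson = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));

// Returns { id, roles } for a valid token, or null for anything else. Never throws.
// It only validates the token; login or session state is out of scope.
function userFromAuthHeader(header, secret, nowSec = Math.floor(Date.now() / 1000)) {
  try {
    const match = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(header || "");
    if (!match) return null;
    const [, h, p, sig] = match;
    // Pin the algorithm: the token must not choose how it is verified ("none", etc.).
    if (b64urlJson(h).alg !== "HS256") return null;
    const expected = crypto.createHmac("sha256", secret).update(`${h}.${p}`).digest();
    const given = Buffer.from(sig, "base64url");
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
    // Claims are read only after the signature has been verified.
    const claims = b64urlJson(p);
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) return null;
    if (typeof claims.sub !== "string" || !Array.isArray(claims.roles)) return null;
    return { id: claims.sub, roles: claims.roles.filter((r) => typeof r === "string") };
  } catch {
    return null; // malformed base64url or JSON fails the same way as a bad signature
  }
}

// Helper used only to build constructed sample tokens for the demo below.
function signToken(header, payload, secret) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const body = `${enc(header)}.${enc(payload)}`;
  return `${body}.${crypto.createHmac("sha256", secret).update(body).digest("base64url")}`;
}

// Constructed sample data (not real TPEN values).
const SECRET = "constructed-demo-secret";
const NOW = 1700000000;
const CLAIMS = { sub: "user-123", roles: ["CONTRIBUTOR"], exp: NOW + 60 };
const GOOD = signToken({ alg: "HS256", typ: "JWT" }, CLAIMS, SECRET);
const UNSIGNED = signToken({ alg: "none", typ: "JWT" }, CLAIMS, SECRET);

console.log(userFromAuthHeader(`Bearer ${GOOD}`, SECRET, NOW));
console.log(userFromAuthHeader(`Bearer ${UNSIGNED}`, SECRET, NOW));
```

Callers treat `null` as "no verified user" and decide for themselves whether the route requires one.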