The claim portion of the JWT carries the FSCS id. Therefore, we know that the sensor has already authenticated, and therefore, we can trust this FSCS id.
We should use this in functions like beat_the_heart and update_presences instead of asking for/trusting the sensor to tell us who it is.
Description
The
claim
portion of the JWT carries the FSCS id. Therefore, we know that the sensor has already authenticated, and therefore, we can trust this FSCS id.We should use this in functions like
beat_the_heart
andupdate_presences
instead of asking for/trusting the sensor to tell us who it is.User Story
No response
Architectural Decision Records (ADRs)
No response