Open akshayeshenoi opened 7 years ago
Can you explain what fast-token is/does that you are looking for?
The `predix.security.uaa` module should already be checking the expiration on the token, so only when it expires or is rejected would a new token be requested. There may be a nuance, though, that I'm missing and that should be incorporated.
Thanks!
Fast Token deals with API security primarily.
Incoming API requests should have an `Authorization: bearer` token in their headers. The app should then use this token to verify if it is in fact valid. Traditionally, this is done by making a request to the UAA instance, which adds to the overall latency.
Fast Token validation essentially checks the incoming client-token's validity locally. All it needs is your UAA's public key (for which it needs to make one request). It then decodes the JWT and verifies its integrity using the public key we fetched [read more].
Say, for a flask app:
```python
@app.route('/hello')
def hello():
    # uaa.authenticateRequest is the helper proposed in this issue
    if not uaa.authenticateRequest(request):
        return 'Forbidden', 403
    return 'Hello, World'
```
There is a JS implementation in this org as well.
Perform fast-token validation on incoming requests. Should be part of the UAA module?
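An added example, not code from this thread or from the predix library: the local check described above, verifying an RS256 JWT signature and its `exp` claim with only the Python standard library. The function names, the `(n, e)` form of the public key and the demo key are assumptions made for illustration; the demo key and `sign_token` exist only so the example runs offline in place of a real UAA instance.

```python
import base64, hashlib, hmac, json, time

# DigestInfo prefix for SHA-256 in EMSA-PKCS1-v1_5 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa_pkcs1_v15(message, k):
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_token(token, n, e, now=None):
    """Return the claims if the RS256 signature and exp check pass, else None."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        # Pin the algorithm: never let the token's header choose 'none' or HS256.
        if json.loads(b64url_decode(head_b64)).get("alg") != "RS256":
            return None
        k = (n.bit_length() + 7) // 8
        sig = b64url_decode(sig_b64)
        if len(sig) != k:
            return None
        recovered = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
        expected = emsa_pkcs1_v15(f"{head_b64}.{body_b64}".encode(), k)
        if not hmac.compare_digest(recovered, expected):
            return None
        claims = json.loads(b64url_decode(body_b64))  # parsed only after the signature verifies
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None

# Constructed demo key from two well-known primes; stands in for the UAA signing key.
P, Q, E = 2**521 - 1, 2**255 - 19, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sign_token(claims, alg="RS256"):
    """Demo-only issuer so the example runs offline; not part of validation."""
    head = b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    k = (N.bit_length() + 7) // 8
    em = emsa_pkcs1_v15(f"{head}.{body}".encode(), k)
    sig = pow(int.from_bytes(em, "big"), D, N).to_bytes(k, "big")
    return f"{head}.{body}.{b64url_encode(sig)}"
```

The check pins the algorithm and compares the full padded digest, so a token whose header names a different `alg`, or whose body was swapped after signing, is rejected without any call to the token issuer.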