SURFnet / surf-token-based-access


Generate a self contained token (JWT for instance) #4

Closed thepeak99 closed 1 year ago

shokri-navid commented 1 year ago

ℹ I choose this library to generate the JWT token. It seems we need some SSL certificate to encode and decode the token.

shokri-navid commented 1 year ago

⚠ I will leave the SSL certificate for now and I will continue working on encoding and decoding the token using a simple SSL key. But we should figure it out to increase our security.

navid-shokri commented 1 year ago

ℹ It seems a good schema for the payload of our JWT token: https://jwt.io/libraries?language=PHP

shokri-navid commented 1 year ago

❓ @thepeak99 we should talk about some subjects:

1. What kind of claims should be inserted into the token? Like shared folders, groups, etc.
2. How should we handle token expiration, like logging in again or some kind of refresh tokens?
3. Which certificate should be used if we want to use the RS256 algorithm? The hosting certificate or a special one?
4. Should I start the unit testing meanwhile, or will it be done with lower priority?

navid-shokri commented 1 year ago

ℹ So, I wrote some tests for the CertificateProvider class and I will continue testing the JWTHelper.

navid-shokri commented 1 year ago

⚠ So the issue subject should be changed because the plan has been changed.

Currently, we do not need to generate the token. Some third party will issue it and we just need to verify it.