The only security scheme currently mentioned in Thing Descriptions is the OAuth2SecurityScheme, which assumes that tokens will be provided in an Authorization header.
Because the EventSource and WebSocket browser APIs to do not allow explicitly setting an Authorization header, the the gateway also supports providing a JWT in a query string.
This could be communicated to WoT Consumers by including the BearerSecurityScheme in the security metadata of Thing Descriptions, with in set to query and name set to jwt.
The only security scheme currently mentioned in Thing Descriptions is the
OAuth2SecurityScheme, which assumes that tokens will be provided in anAuthorizationheader.Because the EventSource and WebSocket browser APIs to do not allow explicitly setting an
Authorizationheader, the the gateway also supports providing a JWT in a query string.This could be communicated to WoT Consumers by including the
BearerSecuritySchemein the security metadata of Thing Descriptions, withinset toqueryandnameset tojwt.