This PR adds a new method to APIClient that returns an instance of DeviceAPIClient configured to use a JWT token instead of an opaque token. With this new method, the DELETE and PATCH requests to /api/device-accounts will use a JWT bearer token generated and signed for each request.
The JWT is generated with the following claims:
sub: the user id.
iss: the enrollment id.
aud: the API endpoint URL.
exp: expiration timestamp. The JWT is valid for 2 hours.
Description
This PR adds a new method to
APIClientthat returns an instance ofDeviceAPIClientconfigured to use a JWT token instead of an opaque token. With this new method, theDELETEandPATCHrequests to/api/device-accountswill use a JWT bearer token generated and signed for each request.The JWT is generated with the following claims:
sub: the user id.iss: the enrollment id.aud: the API endpoint URL.exp: expiration timestamp. The JWT is valid for 2 hours.iat: generation timestamp.https://user-images.githubusercontent.com/5055789/118770294-89e3b800-b857-11eb-8e8b-ddab8dfb8248.MP4
Testing
Unit tests have been added for this new method, and for the new claim set. Also, the change has been tested manually with Guardian.iOS.
Checklist
master