interagent / http-api-design

HTTP API design guide extracted from work on the Heroku Platform API
https://geemus.gitbooks.io/http-api-design/content/en/

Description about REST security and session handling with JWT (JSON Web Token) #21

Closed patoi closed 10 years ago

patoi commented 10 years ago

I think when we work with a REST API, we have to handle authentication (session) data. OAuth and others are based on JWT.

For example: https://github.com/vanioinformatika/poc-angularjs-jwt-rest

geemus commented 10 years ago

I suspect it depends on how you are consuming the API, as many would be using things other than JavaScript and/or Angular. As such I suspect that this might be a little too granular and usage-specific to be a good fit here (where we expect a more general guide). I suppose that may change as JWT becomes more established, but for now that looks pretty early to tie to too tightly.

patoi commented 10 years ago

Ok, I agree.

geemus commented 10 years ago

@patoi Thanks, I'd love to hear more about what you are working on though. It is definitely something that is quite new to me.