Closed robobario closed 8 years ago
I had a look through JWT some more. Pretty sure we can scrap dropwizard auth. We can just populate the payload of the token with some basic information like display name and role. Then the main filter will just give us a user that we can use within any API calls.
I made a pull request to show how JWT can be implemented with dropwizard auth if we want it to: #40
It means we could use the role annotations on resources. I think we could also make it provide UserPrincipal as a parameter to the resource methods with a little more configuration.
Added some unit tests to show what it does.
Looks like JWT combined with dropwizard auth is good.
We currently have a bit of dropwizard auth and a bit of satellizer auth. Do we need the dropwizard auth stuff?
I think it will be enough to have some path like /gameswap/v1/secure/* protected by the satellizer auth filter. I think in the end we will have some resources we want accessible by non-logged-in users because they should be able to play around with the site before they sign up.
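A sketch of the filter approach discussed in this thread, added as an example and not taken from the project or from pull request #40: a servlet filter meant to be mapped only to /gameswap/v1/secure/*, which verifies the token before trusting the display name and role in its payload. The class name `JwtSecureFilter`, the claim names `displayName` and `role`, the HS256 shared secret and the `Authorization: Bearer` header are assumptions of the example.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter: register it on /gameswap/v1/secure/* only, so other resources stay public.
public class JwtSecureFilter implements Filter {
    private static final ObjectMapper JSON = new ObjectMapper();
    private final byte[] secret;
    public JwtSecureFilter(byte[] secret) { this.secret = secret.clone(); }
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        JsonNode claims = verify(req.getHeader("Authorization"));
        if (claims == null) {
            ((HttpServletResponse) rs).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        req.setAttribute("displayName", claims.path("displayName").asText()); // assumed claim names
        req.setAttribute("role", claims.path("role").asText());
        chain.doFilter(rq, rs);
    }
    // Returns the payload only if the token is HS256, correctly signed and unexpired; otherwise null.
    JsonNode verify(String header) {
        try {
            if (header == null || !header.startsWith("Bearer ")) return null;
            String[] p = header.substring(7).split("\\.");
            if (p.length != 3) return null;
            Base64.Decoder b64 = Base64.getUrlDecoder();
            // Pin the algorithm: the token's own header must not be able to select "none" or another alg.
            if (!"HS256".equals(JSON.readTree(b64.decode(p[0])).path("alg").asText())) return null;
            Mac mac = Mac.getInstance("HmacSHA256");
            mac.init(new SecretKeySpec(secret, "HmacSHA256"));
            byte[] expected = mac.doFinal((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
            if (!MessageDigest.isEqual(expected, b64.decode(p[2]))) return null; // constant-time compare
            JsonNode claims = JSON.readTree(b64.decode(p[1]));
            long exp = claims.path("exp").asLong(0); // a token without exp is rejected
            return exp > System.currentTimeMillis() / 1000 ? claims : null;
        } catch (Exception e) { return null; } // malformed base64 or JSON, or crypto setup failure
    }
}
```

The role read from the payload is only as trustworthy as the signature check in front of it, which is why the attributes are set after `verify` succeeds and never from an unverified token.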