Open mjgiarlo opened 1 year ago
Authorization header containing a JSON Web Token (or JWT); and
email and a password parameter and these requests succeed only if sdr-api has a user with the specified email and password
to parameter specifies the user's ID and that ID is either found in the database or it is created with an opaque, secure (e.g., complex & reasonably long) password that is never viewed, changed, or used and is persisted in the application database as a bcrypt-encrypted digest
TBD
We will revisit this ticket after we meet with API partners and learn their functional & technical requirements.
This issue will be fleshed out in an upcoming meeting.
Stanford MinSec standards
sdr-api should, e.g.:
Token Usage