Open dfaulken opened 7 years ago
This goes along with umts/microservices-router#22.
Maybe JWT is worth looking into?
require 'jwt'
secret = "THISISSUCHASECRETPASSWORD"
data = {a: 1, b: 2, c: 'three'}
token = JWT.encode data, secret, 'HS256'
#=> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJhIjoxLCJiIjoyLCJjIjoidGhyZWUifQ.PRXLDCr97fH132YvOjjYYgAoCm5kMSL8Q4wcmcbMo_w"
# transmit the token, on the other end:
JWT.decode token, secret, 'HS256'
#=> [{"a"=>1, "b"=>2, "c"=>"three"}, {"typ"=>"JWT", "alg"=>"HS256"}]
Nice, thank you @werebus. This is perfect.
In order to not be sending security tokens over the air, which would enable anyone who intercepts them to impersonate the service they belong to, instead the security tokens will live locally with the router and with each service. When the service sends the checkin request, it will hash that request using the security token as a salt, and send the resulting hash along with the request.
The router will then do the same: use the security token to hash the request (minus the hash that came from the service), and compare the two hashes. They should match.
Thanks to @werebus for the suggestion.