With the discussion of security, I think we need to make sure it is easy to create the proper tokens, because if you do not create a token with the correct scope then you will not get access. This will commit us to using HMAC for JWT, which should be fine because this service should always be backed by an API Server/Service or a MESH Gateway.

With that said, this proposal is to create a security service and on that security service create a token method in hyper63 core. The token method will only be allowed to be called by a superadmin with a scope of HYPER63, a scope of SECURITY:*, or a scope of SECURITY:TOKEN.

POST /api/security/token

Request Body

The token endpoint will require a request body:

```json
{
  "sub": "user identifier for tracing",
  "aud": "optional identifier for tracing tenant",
  "scope": "space delimited list of scopes, eg DATA:READ SEARCH:READ",
  "expiresIn": "short string to specify expiration: 1h, 1d, 1m, 1y"
}
```

Responses

The return result would be a 201:

```json
{
  "access_token": "...."
}
```

This will make it easy to create tokens, and it will return an error if the sub, scopes, and expiresIn are not correctly specified.

400 - Bad Request
401 - Not Authorized
500 - Internal Error
Replies: 1 comment
I think we should hold on this feature request