...
- To authenticate with JWT the client would
- Generate a valid jwt jti (e.g. uuid)
- Have the correct time within configured drift (10 minutes?), get the seconds since 1970 (GMT)
Send a "Bearer" authorization header sfdlh23kjh.kjhsdfkjhsf.kjh345kjhkjh (three parts separated by dot)
First part is the header is base64 url encoded
Code Block { alg: "RS-256", typ: "JWT" }The second part is what makes the token unique and identifies the user
- jti is a unique value per request (across clusters), cannot be re-used. e.g. a uuid
- username is: system name of local entity
- iat: Number of seconds since 1970 (that the ticket is issued), the number received on server needs to be within the allowable time drift
Code Block { jti: "abc123", username: "org:businessSchool:credentials:wiki", iat: 1234567 }
- Thus the same request cannot be replayed
Add a new password via gsh
| Code Block |
|---|
grouperPasswordSave = new GrouperPasswordSave();
grouperPasswordSave.assignUsername("GrouperSystem").assignPassword("password").assignEntityType("username");
grouperPasswordSave.assignApplication(GrouperPassword.Application.UI);
boolean isSaved = new Authentication().assignUserPassword(grouperPasswordSave); |