...
- To authenticate with JWT the client would
- Generate a valid JWT jti (e.g. a uuid)
- Have the correct time within the configured drift (10 minutes?), and get the seconds since 1970 (GMT)
- Send a "Bearer" authorization header, e.g. sfdlh23kjh.kjhsdfkjhsf.kjh345kjhkjh (three parts separated by dots)

The first part is the header, base64 url encoded:

```
{ alg: "RS-256", typ: "JWT" }
```
The second part is what makes the token unique and identifies the user
- jti: a unique value per request (across clusters) that cannot be re-used, e.g. a uuid
- username: the system name of the local entity
- iat: the number of seconds since 1970 at which the ticket is issued; the number received on the server needs to be within the allowable time drift

```
{ jti: "abc123", username: "org:businessSchool:credentials:wiki", iat: 1234567 }
```
- Thus the same request cannot be replayed
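The replay checks described above (unique jti, iat within the allowed drift), as an added example that is not Grouper's own code. `ReplayGuard` and `sample_header` are hypothetical names, the 10-minute drift is the page's tentative value, the signature is assumed to have been verified already, and the sample token is constructed with a placeholder signature.

```python
import base64
import json
import time

DRIFT_SECONDS = 10 * 60  # assumption: the page's tentative "10 minutes?"

def b64url(obj):
    """Encode a dict as an unpadded base64url JWT part (used for the sample)."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

class ReplayGuard:
    """jti/iat checks only; assumes the RS-256 signature was already verified."""

    def __init__(self, drift=DRIFT_SECONDS):
        self.drift = drift
        self.seen = {}  # jti -> iat; a cluster needs one shared store instead

    def check(self, authorization, now=None):
        now = int(time.time()) if now is None else now
        scheme, _, token = authorization.partition(" ")
        parts = token.split(".")
        if scheme != "Bearer" or len(parts) != 3:
            return "malformed"
        try:
            body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
            claims = json.loads(base64.urlsafe_b64decode(body))
        except ValueError:
            return "malformed"
        if not isinstance(claims, dict):
            return "malformed"
        jti, user, iat = (claims.get(k) for k in ("jti", "username", "iat"))
        if not (isinstance(jti, str) and jti and isinstance(user, str)
                and isinstance(iat, int) and not isinstance(iat, bool)):
            return "malformed"
        if abs(now - iat) > self.drift:
            return "stale"  # outside the allowable time drift
        # Forget jti values whose iat can no longer pass the drift check.
        self.seen = {j: t for j, t in self.seen.items() if now - t <= self.drift}
        if jti in self.seen:
            return "replay"
        self.seen[jti] = iat
        return "ok"

def sample_header(jti, iat):
    """Constructed sample: placeholder signature, username from the page."""
    header = b64url({"alg": "RS-256", "typ": "JWT"})
    claims = b64url({"jti": jti, "iat": iat,
                     "username": "org:businessSchool:credentials:wiki"})
    return "Bearer %s.%s.c2ln" % (header, claims)
```

Because a jti only needs to be remembered while its iat is still inside the drift window, the store stays bounded by the request rate times the window length.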
Add a new password via gsh for UI
v2.5.29+

```
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.UI).assignUsername("GrouperSystem").assignPassword("password").save();
```
Add a new password via gsh for WS
v2.5.29+

```
new GrouperPasswordSave().assignApplication(GrouperPassword.Application.WS).assignUsername("GrouperSystem").assignPassword("password").save();
```
...