
JWT token decoding is not done

Open AdamISZ opened this issue 2 years ago • 1 comments

Recent merging of #1291 reminded me that this has not been done. Currently we use this as a token and intended for it to expire, but as you can see from jmclient.wallet_rpc.JMWalletDaemon.check_cookie we are only checking the encoded secret and not decoding it.

https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/537d2acfec612bcc424a40e6f5fb3ac19293da6b/jmclient/jmclient/wallet_rpc.py#L362

I would appreciate it if someone who researches (or already knows) the best way to use such JWT tokens could chime in and either PR or just explain the best way to use them for our use case. What we have now is extremely crude.

AdamISZ, May 31 '22 15:05

Added help wanted because this is certainly something that someone, especially someone even moderately familiar with JWT or API authentication in general, could do, instead of me.

AdamISZ, Sep 11 '22 10:09
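The gap this issue describes, as an added example (not JoinMarket's code and not from the thread): `check_by_string_compare` models the behaviour described in the issue, where the encoded token is matched but never decoded, while `check_by_decoding` verifies the HS256 signature, pins the algorithm and enforces `exp` using only the standard library. All function names, the secret and the claims are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(secret, claims):
    """Build an HS256 JWT (hypothetical helper for this example)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    return f"{header}.{payload}." + b64url(sign(secret, f"{header}.{payload}"))

def check_by_string_compare(presented, stored):
    """Crude check: the encoded token is matched, never decoded, so exp is ignored."""
    return hmac.compare_digest(presented.encode(), stored.encode())

def check_by_decoding(presented, secret, now=None):
    """Verify signature, pinned algorithm and expiry; return claims or raise ValueError."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = presented.split(".")
        header = json.loads(unb64url(header_b64))
        signature = unb64url(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token choose it (rejects "alg": "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = sign(secret, f"{header_b64}.{payload_b64}")
    if not hmac.compare_digest(signature, expected):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(payload_b64))  # parsed only after the signature verifies
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("token expired or missing exp")
    return claims

# Constructed sample values: a secret and a token that expires at Unix time 1000.
SECRET = b"constructed-secret-for-example"
TOKEN = issue_token(SECRET, {"wallet": "example.jmdat", "exp": 1000})
```

With a maintained library such as PyJWT, the same checks come from `jwt.decode(token, key, algorithms=["HS256"])`, which validates `exp` by default.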