joinmarket-clientserver
JWT token decoding is not done
Recent merging of #1291 reminded me that this has not been done.
Currently we use this as a token and intended for it to expire, but as you can see from jmclient.wallet_rpc.JMWalletDaemon.check_cookie, we are only checking the encoded secret and not decoding it.
https://github.com/JoinMarket-Org/joinmarket-clientserver/blob/537d2acfec612bcc424a40e6f5fb3ac19293da6b/jmclient/jmclient/wallet_rpc.py#L362
I would appreciate it if someone who researches (or already knows) the best way to use such JWT tokens could chime in and either PR or just explain the best way to use them for our use case. What we have now is extremely crude.
Added help wanted because this is certainly something that someone, especially someone even moderately familiar with JWT or API authentication in general, could do, instead of me.
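
To illustrate the gap the issue describes, here is an added example (not JoinMarket's code and not written by the issue author): stdlib-only HS256 code that contrasts comparing the encoded token string with decoding it, verifying the signature and enforcing `exp`. All function names, the secret and the timestamps are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(secret: bytes, ttl: int, now: int) -> str:
    # Constructed token: HS256 header plus a payload carrying only "exp".
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({"exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64e(sign(secret, header + '.' + payload))}"

def compare_only(presented: str, stored: str) -> bool:
    # The crude check: equality with the stored encoded token.
    # "exp" is never read, so the token is accepted forever.
    return hmac.compare_digest(presented.encode(), stored.encode())

def verify_token(token: str, secret: bytes, now: int) -> dict:
    # Decode, pin the algorithm, verify the MAC, then enforce expiry.
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64d(header_b64))
        sig = b64d(sig_b64)
    except ValueError:
        raise ValueError("malformed token") from None
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sig, sign(secret, header_b64 + "." + payload_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(payload_b64))  # trusted only after the MAC check
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("expired or missing exp")
    return claims

if __name__ == "__main__":
    secret = b"constructed-demo-secret"
    tok = issue_token(secret, ttl=60, now=1000)
    print(compare_only(tok, tok), verify_token(tok, secret, now=1010))
```

In a real service a maintained library such as PyJWT performs the same checks via `jwt.decode(token, key, algorithms=["HS256"])`, which raises on a bad signature or an expired `exp`.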