simple_token_authentication icon indicating copy to clipboard operation
simple_token_authentication copied to clipboard

Published 20 hours ago verified publisher icon gonzalo-bulnes

Signed requests

Open jamesfzhang opened this issue 7 years ago • 3 comments

Do you support signed requests with a timed TTL?

jamesfzhang avatar Mar 15 '17 18:03 jamesfzhang

Hello @jamesfzhang,

I'm not sure to understand exactly what you want to do. It might be possible taking advantange of the Simple Token authentication hooks feature. Anyway, it sounds like JWT might interest you. (There are Ruby implementations, I haven't used any.)

gonzalo-bulnes avatar Mar 16 '17 04:03 gonzalo-bulnes

Hi @gonzalo-bulnes,

I'm interested in something very similar to JWT. The authentication hooks feature would be really helpful. After authenticate_user! runs, I want to verify the request with JWT. Thanks for your help!

jamesfzhang avatar Mar 16 '17 15:03 jamesfzhang

Hi @jamesfzhang,

Sorry for the latency :P It seems that could be done through similar logic to #300. The payload signature verification would really happen around token comparison. Does that make sense to you? (Maybe you've moved on at this point, have you found a satisfactory solution to get that behaviour?)

gonzalo-bulnes avatar Aug 06 '17 13:08 gonzalo-bulnes