[aerogear-dev] Security on AeroGear

Bruno Oliveira bruno at abstractj.org
Tue Jul 2 14:41:28 EDT 2013


Ahoy!

Summers Pittman wrote:
> So the bearer token would be an HTTP header and the JWS/JWT items would
> be part of the request body?

Not really, Summers. Bearer tokens make use of the JWS/JWT specifications, but
they're not tied together. The proposal here is to skip the bearer token
implementation and just make use of JWS/JWT.

It could be part of the request body or the header. It's just a matter of
implementing and discussing.

>
> Are the tokens the same for the whole session or are they also a
> function of the request content? (A Hash, etc)

Initially I'm planning to make it valid for the whole session, but we 
can customize it to our needs.

Makes sense? Wdyt?

-- 
abstractj
