[aerogear-dev] Security on AeroGear
Bruno Oliveira
bruno at abstractj.org
Tue Jul 2 14:41:28 EDT 2013
Ahoy!
Summers Pittman wrote:
> So the bearer token would be a HTTP Header and the JWS/JWT items would
> be part of the request body?
Not really, Summers. Bearer tokens make use of the JWS/JWT specifications, but
they're not tied together. The proposal here is to skip the bearer token
implementation and just make use of JWS/JWT.
It could be part of the request body or the header. It's just a matter of
implementing and discussing.
>
> Are the tokens the same for the whole session or are they also a
> function of the request content? (A Hash, etc)
Initially I'm planning to make it valid for the whole session, but we
can customize it to our needs.
Makes sense? Wdyt?
--
abstractj
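
The two token scopes discussed in this thread (one token for the whole session, or a token that is a function of the request content), as an added example that is not part of the original message or of AeroGear's code. The HS256 algorithm, the `body_sha256` claim name, the key, the clock value and the function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims: dict, key: bytes) -> str:
    """Return a compact JWS (header.payload.signature) signed with HS256."""
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(mac)}"

def verify(token: str, key: bytes, now: int, body: bytes = b""):
    """Return the claims if the token is valid for this request, else None."""
    try:
        header, payload, sig = token.split(".")
        # Pin the algorithm on the server; never let the token choose it.
        if json.loads(b64u_dec(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64u_dec(sig)):
            return None
        claims = json.loads(b64u_dec(payload))
    except (ValueError, AttributeError):
        return None  # malformed token: wrong part count, bad base64 or bad JSON
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), int):
        return None
    if now >= claims["exp"]:
        return None  # the session lifetime is enforced by the signed expiry
    # Hypothetical claim: when present, the token only covers this exact body.
    bound = claims.get("body_sha256")
    if bound is not None and bound != hashlib.sha256(body).hexdigest():
        return None
    return claims

# Constructed sample values; the token string can travel in a header or the body.
KEY = b"constructed-demo-key"
NOW = 1372790488
BODY = b'{"amount": 10}'
SESSION = issue({"sub": "alice", "exp": NOW + 1800}, KEY)
BOUND = issue({"sub": "alice", "exp": NOW + 1800,
               "body_sha256": hashlib.sha256(BODY).hexdigest()}, KEY)
```

A session-scoped token is accepted with any request body until it expires, so a captured token can be reused for different requests; the body-bound variant is rejected as soon as the body differs from the one that was signed.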