Hi Jacques,

Okay, so I misunderstood the goal. You can forget what I said :)

Still the article is really interesting :)

Cheers,

Gregory

2016-07-23 12:55 GMT+02:00 Jacques Le Roux <jacques.le.r...@les7arts.com>:

> Hi Gregory,
>
> If I'm not mistaken (I'll not do it) the idea is indeed to use tokens for
> one time authentication, but to then use OFBiz current work flow for the
> rest (i.e. handling sessions)
>
> Quoting below: "Behind the scenes, we will be using the current work flow
> as is"
>
> This is also what we did with the project I spoke about.
>
> Thanks for the article!
>
> Jacques
>
>
> On 22/07/2016 at 15:53, gregory draperi wrote:
>
>> Hi guys,
>>
>> JSON web tokens are suitable for one time authentication between parties
>> but they have important drawbacks if they are used as a session mechanism
>> (how to store them, not possible to invalidate one...)
>>
>> There is a nice article on this:
>> http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
>>
>> Best wishes,
>>
>> Gregory
>>
>>
>> 2016-07-13 13:19 GMT+02:00 Rishi Solanki <rishisolan...@gmail.com>:
>>
>>> Rahul,
>>>
>>> Thanks for the detailed proposal, I have gone through all the details. No
>>> changes in the current auth system, and achieving token based
>>> authentication looks like a good idea to me.
>>>
>>> Agree on all the details provided and will try to participate in
>>> reviewing the design/implementation.
>>>
>>> +1.
>>>
>>> Rishi Solanki
>>> Manager, Enterprise Software Development
>>> HotWax Systems Pvt. Ltd.
>>> Direct: +91-9893287847
>>> http://www.hotwaxsystems.com
>>>
>>> On Mon, Jun 20, 2016 at 2:24 AM, Jacques Le Roux <
>>> jacques.le.r...@les7arts.com> wrote:
>>>
>>>> We (I was then working with ilscipio) did something like that for a
>>>> client, and I agree it's the way to go.
>>>>
>>>> I mean that I agree with "We are not going to implement the Token Based
>>>> Authentication process at low level. Behind the scenes, we will be using
>>>> the current work flow as is"
>>>>
>>>> Disclaimer: I did not look into all details. Also we planned to use
>>>> OpenId but eventually the Token Based Authentication we used was
>>>> specific and proprietary to the client (this reminded me of
>>>> http://markmail.org/message/7vtjvjomneimspvl)
>>>>
>>>> Jacques
>>>>
>>>>
>>>> On 18/06/2016 at 15:01, Rahul Bhooteshwar wrote:
>>>>
>>>>> Hello All,
>>>>> Recently felt the need of Token Based Authentication process in Apache
>>>>> OfBiz while using OfBiz's business process offerings with standalone
>>>>> clients like Mobile Apps, Angular JS based apps running outside Apache
>>>>> OfBiz etc.
>>>>>
>>>>> What currently we are having in OfBiz is session based authentication
>>>>> process which is *stateful*. But while dealing with the independently
>>>>> running remote clients stateful authentication is not gonna work as we
>>>>> will not be using *server-browser session* anymore in those cases.
>>>>>
>>>>> Following are the initial draft & supporting documents to proceed
>>>>> further:
>>>>>
>>>>> - Token Based Authentication in Apache OfBiz
>>>>>   <https://docs.google.com/document/d/1xbpjNWGZp8B_79YJmPxmSJqkx7Qo_EI7u_PE0WNt3B4/edit#heading=h.g14rrmsoijiv>
>>>>> - Token Based Authentication
>>>>>   <https://docs.google.com/document/d/15QBV87vMD42QppCaHpxgcefcg_ac7HFeSQQnF_S50nk/edit#heading=h.mdriqalojfy4>
>>>>> - JSON Web Tokens
>>>>>   <https://docs.google.com/document/d/1wLfv8h_Kkd4iHBxW4Gkx987Q7KBocWAGvss2p4N4fIM/edit>
>>>>> - IETF's (Internet Engineering Task Force) Documentation for JSON
>>>>>   Web Tokens
>>>>>   <https://drive.google.com/file/d/0BzXOhs4-o0n9cHVGckgwUndsUGc/view?pref=2&pli=1>
>>>>>
>>>>> I would like to propose a requirement to implement this in OfBiz, &
>>>>> invite you all to provide valuable inputs to conclude the requirements
>>>>> & implementation plans.
>>>>>
>>>>> Thanks and Regards
>>>>> *Rahul Bhooteshwar*
>>>>> Enterprise Software Engineer
>>>>> HotWax Systems <http://www.hotwaxsystems.com/> - *Global leader in
>>>>> innovative enterprise commerce solutions **powered by Apache OFBiz.*

--
Grégory Draperi
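
The pattern discussed in this thread (a JSON web token redeemed once, then an ordinary server-side session that can be invalidated) can be sketched as follows. This is an added example, not code from the thread, the proposal documents or OFBiz. All names, the key and the in-memory stores are hypothetical stand-ins for the existing session workflow.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"  # constructed value, not from the thread
used_jti = set()                  # ids of tokens that were already redeemed
sessions = {}                     # hypothetical server-side store: session id -> user

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user: str, ttl: int = 60) -> str:
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "exp": int(time.time()) + ttl, "jti": secrets.token_hex(8)}
    body = b64u(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64u(sig)}"

def verify_token(token: str) -> dict:
    """Check signature and expiry. HS256 is fixed here; the header's alg is ignored."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64u_dec(sig)):
            raise ValueError("bad signature")
        claims = json.loads(b64u_dec(body))
    except ValueError as exc:
        raise PermissionError("invalid token") from exc
    if claims["exp"] < time.time():
        raise PermissionError("expired token")
    return claims

def login_with_token(token: str) -> str:
    """One-time authentication: redeem the token once, then issue a session id."""
    claims = verify_token(token)
    if claims["jti"] in used_jti:
        raise PermissionError("token already redeemed")
    used_jti.add(claims["jti"])
    sid = secrets.token_urlsafe(32)
    sessions[sid] = claims["sub"]
    return sid

def current_user(sid: str):
    return sessions.get(sid)

def logout(sid: str) -> None:
    sessions.pop(sid, None)  # server-side invalidation takes effect immediately
```

After `logout`, the session is gone even though the token still verifies until its `exp`, which is the invalidation drawback raised above for tokens used as sessions.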