JWT looks as a nice way for a CASified use-facing application to
communicate with internal REST APIs/microservices. These microservices
can't be accessed by users directly, don't have state and don't need to
deal with sessions and don't need to become CAS controlled services and
correspondingly
JWT looks as a nice way for a CASified use-facing application to
communicate with internal REST APIs/microservices. These microservices
can't be accessed by users directly, don't have state and don't need to
deal with sessions and don't need to become CAS controlled services and
correspondingly
nd redirect to CAS. This of course
> would not work if you stored data in the app session. I suppose it is
> possible to have a field in the session to indication authentication (php
> probably works like this).
>
> I have not used JWT nor CAS ajax so take my suggestion as a wild idea.
&
ore of a concern if your app stores data in the
> session.
>
> Ray
>
> On Thu, 2019-04-11 at 10:56 -0700, Ken Zilber wrote:
>
>
>
>
>
> Thank you for the quick response.
>
> Sending ajax calls to a subdomain the script did not come from will be an
> is