http://jwt.io/
This is something I'm doing in a new SubFire extension I'm writing (in node, but there are JWT libraries for Java available).
Basically, after the first login (say, a ping.view call with the user, password or token+seed), you can encrypt those objects locally and return them in a signed JWT. The UI can send them back with every request, leaving the u/p/s/t options off, which allows you to maintain the stateless nature of the server API, but keeps all subsequent requests to and from the clients secure in not having to include all those details.
The normal JWT standard just describes taking the JSON hash and base64'ing it, but there are ways to add additional encryption in that to keep it safe.
Feel free to PM me if you'd like to discuss this further.
J
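
The flow described in the post above, as an added example (not the poster's SubFire code): the credentials from the first login are encrypted with AES-256-GCM under a server-only key, carried in an HS256-signed JWT, and recovered on each later request. The function names `issueToken` and `readToken`, the `enc` claim, and the per-process random keys are assumptions for illustration; only Node's built-in `crypto` module is used.

```javascript
// Added example: credentials encrypted with AES-256-GCM, carried in an HS256-signed JWT.
const crypto = require('node:crypto');

// Assumption: in a real service both keys come from a secret store, not per-process randomness.
const ENC_KEY = crypto.randomBytes(32);  // AES-256-GCM key, never leaves the server
const SIG_KEY = crypto.randomBytes(32);  // HMAC-SHA256 key for the JWT signature

const b64u = (x) => Buffer.from(x).toString('base64url');
const sign = (data) => crypto.createHmac('sha256', SIG_KEY).update(data).digest();
const HEADER = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));

// Called once after a successful first login (e.g. ping.view with u/p or t/s).
function issueToken(creds, ttlSeconds = 900, now = Date.now()) {
  const iv = crypto.randomBytes(12);                       // fresh nonce per token
  const c = crypto.createCipheriv('aes-256-gcm', ENC_KEY, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(creds), 'utf8'), c.final()]);
  const payload = {
    exp: Math.floor(now / 1000) + ttlSeconds,
    enc: b64u(Buffer.concat([iv, c.getAuthTag(), ct])),    // opaque to the client
  };
  const body = b64u(JSON.stringify(payload));
  return `${HEADER}.${body}.${b64u(sign(`${HEADER}.${body}`))}`;
}

// Called on every later request; returns the credentials or throws.
function readToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm: the token header never chooses how it is verified.
  if (head !== HEADER) throw new Error('unexpected header');
  const got = Buffer.from(sig, 'base64url');
  const want = sign(`${head}.${body}`);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('bad signature');
  }
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (typeof payload.exp !== 'number' || payload.exp <= Math.floor(now / 1000)) {
    throw new Error('token expired');
  }
  const raw = Buffer.from(payload.enc, 'base64url');       // iv (12) | tag (16) | ciphertext
  const d = crypto.createDecipheriv('aes-256-gcm', ENC_KEY, raw.subarray(0, 12));
  d.setAuthTag(raw.subarray(12, 28));
  const pt = Buffer.concat([d.update(raw.subarray(28)), d.final()]);
  return JSON.parse(pt.toString('utf8'));
}
```

The signature is checked before anything in the payload is parsed or decrypted, and the short `exp` bounds how long a captured token can be replayed.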