Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using JWT via URI #19

Closed
3goats opened this issue Mar 18, 2015 · 15 comments
Closed

Using JWT via URI #19

3goats opened this issue Mar 18, 2015 · 15 comments

Comments

@3goats
Copy link

3goats commented Mar 18, 2015

Hi,

I need to configure HAPI to accept the JWT via the URI as part of a GET request. Is it possible to use it in this way?

Regards.

@nelsonic
Copy link
Member

Hi @carlskii
The URI use-case is not implemented (yet) as it encourages people to share URLs with tokens (which can lead to security compromise) but... we would consider a Pull Request if you want to submit one...

@nelsonic
Copy link
Member

@carlskii What would you want to call the URL parameter?
e.g. token or jwt ?

@nelsonic
Copy link
Member

@carlskii we can implement this in no time. please just let us know what url parameter you want to use. thanks.

@3goats
Copy link
Author

3goats commented Apr 22, 2015

I guess it could just be called "token".

The use case for me would be to ideally generate a time expiring key or token to some of my routes. A bit like Amazons S3 signed url feature. Not sure though if JWT is the right thing for this though.

@nelsonic
Copy link
Member

Using the exp (expiry) time stamp in the JWT you can easily reject a token that has expired.
Are you hoping to send the link in an email?
E.g: http//:yoursite.com/restricted?token=JWT.goes.here

@3goats
Copy link
Author

3goats commented Apr 22, 2015

Yes that's the plan.

Sent from my iPad

On 22 Apr 2015, at 17:14, Nelson [email protected] wrote:

Using the exp (expiry) time stamp in the JWT you can easily reject a token that has expired.
Are you hoping to send the link in an email?


Reply to this email directly or view it on GitHub.

@nelsonic
Copy link
Member

Ok, do you have time to help us write some code or documentation for the feature?

(If you're low on time we could squeeze it in tomorrow and send you a pull request for review...)

@3goats
Copy link
Author

3goats commented Apr 22, 2015

I can help document it, but my skills with regards writing the code for this type of thing are limited.

Sent from my iPad

On 22 Apr 2015, at 17:20, Nelson [email protected] wrote:

Ok, do you have time to help us write some code or documentation for the feature?


Reply to this email directly or view it on GitHub.

@rainabba
Copy link

What is the status on this issue? Is this project maintained (no reply since April 22 on the issue)?

@nelsonic
Copy link
Member

@rainabba thanks for reminding us about this! This module is maintained and actively used.
We have just published a new version of the module to npm which allows tokens to be passed in via url parameter.
Please let us know if you need any help getting started with using it. 👍

@nelsonic
Copy link
Member

@carlskii we have released Version 4.6.0 which includes support for token url parameter.
Closing this issue as we consider it to be resolved by the latest release.
Let us know if you need anything else! 👍

@rainabba
Copy link

Much appreciated!

@nelsonic
Copy link
Member

@rainabba we appreciate you keeping us on our toes! 😉
please ⭐ the repository to signal to others that you find it useful.
Thanks again! 👍

@alexdrans
Copy link

Just needed this feature, thanks feature requesters of times past!

@nelsonic
Copy link
Member

nelsonic commented Dec 7, 2016

@alexdrans yeah, we're lucky that way...! ❤️
(hope you are well and your project(s) are going smoothly!)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants