Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Introduce a JWTUserProvider allowing to trust in the JWT #278

Merged
merged 1 commit into from
Dec 30, 2016

Conversation

chalasr
Copy link
Collaborator

@chalasr chalasr commented Dec 2, 2016

From jwt.io:

Self-contained: The payload contains all the required information about the user, avoiding the need to query the database more than once.

This is a working draft at the moment, allowing to preserve the federation benefit of JWT by avoiding fetching the user from the datastore more than once, so each token-authenticated request trusts in the JWT data rather than reloading the user to authenticate it.

I'm not sure how this should be introduced, at first I think it should not be the recommended way to use this bundle, but I do think we should have it since we are signing tokens and verifying them at each request, it makes sense to don't reverify the user.

Closes #277 once finished.
/cc @scaytrase

@chalasr chalasr changed the title Introduce a JWTUserProvider allowing to trust in the JWT rather than hitting the datastore Introduce a JWTUserProvider allowing to trust in the JWT Dec 2, 2016
@chalasr chalasr force-pushed the stateless_user_provider branch 2 times, most recently from a5e72e8 to b9fea51 Compare December 2, 2016 18:11
@chalasr chalasr force-pushed the stateless_user_provider branch 4 times, most recently from 781173a to e65c4bb Compare December 8, 2016 22:59
@chalasr chalasr force-pushed the stateless_user_provider branch 6 times, most recently from e97a048 to 8dfd713 Compare December 30, 2016 13:13
@chalasr chalasr merged commit b398d64 into lexik:master Dec 30, 2016
@chalasr chalasr deleted the stateless_user_provider branch December 30, 2016 13:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant