Re: [DISCUSS] Auth backends

2025-03-03 Thread Vincent Beck
Yes, 100%.

On 2025/03/03 17:33:55 Ash Berlin-Taylor wrote:
> So is the auth manager involved in interpreting the JWT token into something
> more meaningful in order to make permission decisions etc then?
>
> > On 3 Mar 2025, at 16:38, Vincent Beck wrote:
> >
> > JWT token created by FAB auth

Re: [DISCUSS] Auth backends

2025-03-03 Thread Ash Berlin-Taylor
So is the auth manager involved in interpreting the JWT token into something more meaningful in order to make permission decisions etc then?

> On 3 Mar 2025, at 16:38, Vincent Beck wrote:
>
> JWT token created by FAB auth manager:
> ```
> {
>   "id": "12345789"
> }
> ```
>
> JWT token cre

Re: [DISCUSS] Auth backends

2025-03-03 Thread Vincent Beck
Hi Ash,

Sure, let me try to give more details.

> Can you give a concrete example of the request flow between browser/CLI, the
> API server and any backends?

Assuming FAB auth manager is configured in the environment. Here is the API call to create a JWT token: ``` curl -X 'POST' \ 'http://

Re: [DISCUSS] Auth backends

2025-03-03 Thread Jarek Potiuk
Yeah - for sure we need some details, the direction seems sound (and is indeed pretty standard - https://auth0.com/docs/secure/tokens/token-best-practices for example describes a number of ways API security is handled with JWT. Possibly - again - we should look at some ready to use solution in fast

Re: [DISCUSS] Auth backends

2025-03-03 Thread Ash Berlin-Taylor
Hi Vincent, Can you elaborate more on Option 1? Can you give a concrete example of the request flow between browser/CLI, the API server and any backends? How often is this API to generate a JWT called? What is the request flow of user credentials? What validation/verification is done on the r