Story #7516
Include standard claim fields in JWT auth token
100%
Description
Lauren noticed that our "ttl" field was incorrectly using millisecond values, greatly inflating the duration that a token would be considered valid. Upon further research, I see that there are many "registered claim names" that we should probably be using instead of those that were required by the AnnotatorJS library that first led us to use JWTs. https://tools.ietf.org/html/rfc7519#section-4.1
I propose updating our JWT issuing and interpretation code to use these standard fields as well as include the custom fields required by AnnotatorJS.
Note that this is a substantial change even if only a few lines of code will actually be altered.
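The proposal above, sketched as an added example that is not the project's own code: a token carries the RFC 7519 registered claims next to the fields AnnotatorJS documents (`consumerKey`, `userId`, `issuedAt`, `ttl`), and the verifier rejects a lifetime inflated by a millisecond value. HS256, the 24-hour ceiling, the key and all identity values are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, json
from datetime import datetime, timezone

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_claims(user_id, consumer_key, issuer, now, lifetime_s):
    """Registered claims (RFC 7519 section 4.1) plus the AnnotatorJS fields."""
    return {
        "iss": issuer,
        "sub": user_id,
        "iat": now,                    # NumericDate: seconds since the epoch
        "exp": now + lifetime_s,
        "consumerKey": consumer_key,
        "userId": user_id,
        "issuedAt": datetime.fromtimestamp(now, timezone.utc).isoformat(),
        "ttl": lifetime_s,             # seconds, not milliseconds
    }

def sign(claims, key):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token, key, now, max_lifetime_s=24 * 3600):
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64(mac), sig):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims["exp"] - claims["iat"] > max_lifetime_s:
        raise ValueError("lifetime exceeds policy")  # e.g. ttl given in ms
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims

# Constructed sample values: one correct token, one with a millisecond ttl.
KEY = b"constructed-demo-key"
NOW = 1_700_000_000
GOOD = sign(build_claims("uid=demo", "demo-consumer", "demo-issuer", NOW, 3600), KEY)
BUGGY = sign(build_claims("uid=demo", "demo-consumer", "demo-issuer", NOW, 3600 * 1000), KEY)
```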
History
#1 Updated by Ben Leinfelder about 9 years ago
- Status changed from New to In Progress
- % Done changed from 0 to 30
Mostly done with the development work on this. But should be reviewed when documentation is updated and test server has changes deployed to it.
#2 Updated by Ben Leinfelder about 9 years ago
- Status changed from In Progress to Testing
- % Done changed from 30 to 50
Deploying on cn-sandbox-2 for UI testing. Can do other environments too if needed.
#3 Updated by Ben Leinfelder about 9 years ago
- Status changed from Testing to Closed
- % Done changed from 50 to 100
#4 Updated by Chris Jones about 9 years ago
I'd agree that we should include the standard claim names in the tokens. It's nice that they've standardized a bunch of useful fields, and our interoperability will be better if we populate them. +1