Versions Compared

Version Old Version 8 New Version 9
Changes made by

Team Oktopus

Technische Redaktion

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Page Properties
hiddentrue
idDONE

Product Version2020 Winter
Report Note
AssigneeAntje

Resources & Remarks

Modification History

NameDateProduct VersionAction
Antje Oelschlägel27 MAY 20212021 SummerPage created and filled with content provided by Jerome.
Agnieszk02 JUNE 20212021 SummerrLANG
Antje17 DEC 20212022 Springexpiration date is validated as well



Excerpt

Configure the validation of the internal JSON Web Token that is used to authorize an API call reaching the individual services in the yuuvis® Momentum cluster.

Note
titlePreview

The validation of internal JSON Web Tokens will be supported as of version 2021 Autumn.


Section
bordertrue


Column

Table of Contents

Table of Contents
exclude(Table of Contents|Read on|Authentication against the Core API|Access Authorization and Permissions|Test System Installation Guide)


...

In order to prevent unauthorized access from outside by faking the JWT, as of version 2021 Autumn, its signature can be used for an additional validation of the caller's authorization. As of version 2022 Spring, the expiration date is validated as well. Thus, it is not possible to authenticate with a token anymore if its expiration date is exceeded. The validation is provided by the internal endpoint /authentication/jwt/verify of the AUTHENTICATION Service. In order to activate the validation, the endpoint has to be exposed manually.

...

If the signature of the JWT matches its header and payload, and the expiration date is not exceeded, the validation will be successful and the response body contains true. If the validation fails, the response body contains false.

...