-
Notifications
You must be signed in to change notification settings - Fork 16
Handle token from backend #87
Comments
Hi, @robtweed could you please provide information how do you plan to send the token in the payload? |
Every JSON response from the new middle tier will include a top-level property named token which will contain the latest version of the JWT that you should use as the new JSESSIONID cookie value, eg this kind of pattern { |
Hi, @robtweed thank you for the information. Could you please clarify where the data itself is going to be stored? Inside of the |
There will be no change to the responses you receive already. All I'm saying is:
NOTHING ELSE changes for you as far as the responses from QEWD. However, as the token is a JWT, you can optionally begin to use its contents within PulseTile if you wish. You will be unable to modify its contents, as it is digitally signed by the QEWD middle tier and you don't have access to its secret key. However you can read its contents - if you wish - it's up to you if you want to make use of its session information. |
If you want to see what I mean, run Ripple against the new middle tier: and, using Chrome Dev Tools, look at the responses. You'll see that they are identical to before (which is why PulseTile still works against the new middle tier), but you'll see that there's a token property containing a very long string which is the JWT. That's the ONLY change as far as you're concerned. |
@robtweed thank you very much for the explanation, it looks clear now. We were assuming that you will wrap the data in a separate object to distinguish it from token, this way we would need to change the response data reference. |
@robtweed there is one more question, that arose today: endpoints for the headings contain an array of objects rather than a top-level object itself, where will the token be stored in this case? Attaching problems heading response as an example https://www.screencast.com/t/LfBmTMfF. CC: @tony-shannon |
Recently we’ve got a request from Rob, that we should handle JWTs in all responses from backend side on React version. We discussed it with our team and found that to implement it we should add a new handler to our middleware, this way we are able to handle all responses to our requests.
Related issue: PulseTile/PulseTile-React-Core#131
PulseTile/PulseTile-AngularJS#75
The text was updated successfully, but these errors were encountered: