Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge #1480: Decode JWT token for validation
b2822dd Implement wallet RPC's JWT token authority (roshii) Pull request description: Implement `jmclient.auth` module to manage JWT. Upon successful authentication (e.g. unlock wallet), response includes both a `token` and a `refresh_token`. The former can be used for call authentication, valid for 30 min. After expiration, user can call `/token/refresh` endpoint with his expired access token in header and refresh token in POST call payload to get both a new access and refresh token. Refresh token is valid for 4 hours. Anytime a new access token is issued, refresh token signature key is re-initialized, invalidating any previously issued token. Tokens are scoped to a specific `wallet_name` and a generic `walletrpc` category, and should allow future upgrades such as authorization granularity. Fixes #1297 Top commit has no ACKs. Tree-SHA512: 44dd4338ceace04f838e92dae35b0df16b7d01d92599af57eb2652a9dcea0a41663128eec88f3e76efa0b6729a4b202122760b9ee0920863c128c0ec0ab2c83d
- Loading branch information