View Issue Details
| Field | Value |
|---|---|
| ID | 0007793 |
| Project | Taler |
| Category | other |
| View Status | public |
| Date Submitted | 2023-04-05 18:40 |
| Last Update | 2023-09-23 15:09 |
| Reporter | Florian Dold |
| Assigned To | sebasjm |
| Priority | normal |
| Severity | feature |
| Reproducibility | have not tried |
| Status | closed |
| Resolution | fixed |
| Product Version | git (master) |
| Target Version | 0.9.3 |
| Fixed in Version | 0.9.3 |
| Summary | 0007793: use token auth for SPAs instead of storing credentials plain-text in local storage |
| Description | What we currently do is obviously not very nice from a security perspective. Instead of using the plain-text user/password credentials, there should be a /login endpoint that then returns a bearer token. |
| Tags | No tags attached. |

This will require a token table with the list of currently valid access tokens per account/instance. -- or maybe we just sign the token and store all of the data inside the token!

access token should include account/instance, scope, creation timestamp (for forced logout per account) and expiration + EdDSA signature.

3f86f293..47a86dfc specifies the /login API for this. Not yet implemented.

Now implemented in C backend and tests pass. SPA missing.

| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2023-04-05 18:40 | Florian Dold | New Issue | |
| 2023-09-05 14:02 | Christian Grothoff | Assigned To | => Christian Grothoff |
| 2023-09-05 14:02 | Christian Grothoff | Status | new => assigned |
| 2023-09-05 14:02 | Christian Grothoff | Severity | minor => feature |
| 2023-09-05 14:02 | Christian Grothoff | Product Version | => git (master) |
| 2023-09-05 14:02 | Christian Grothoff | Target Version | 1.0 => 0.9.3 |
| 2023-09-05 14:04 | Christian Grothoff | Note Added: 0020500 | |
| 2023-09-05 14:11 | Christian Grothoff | Note Edited: 0020500 | |
| 2023-09-05 14:15 | Christian Grothoff | Note Added: 0020501 | |
| 2023-09-05 18:05 | Christian Grothoff | Note Added: 0020505 | |
| 2023-09-06 22:42 | Christian Grothoff | Note Added: 0020508 | |
| 2023-09-06 22:42 | Christian Grothoff | Assigned To | Christian Grothoff => sebasjm |
| 2023-09-11 21:19 | sebasjm | Status | assigned => resolved |
| 2023-09-11 21:19 | sebasjm | Resolution | open => fixed |
| 2023-09-23 15:07 | Christian Grothoff | Fixed in Version | => 0.9.3 |
| 2023-09-23 15:09 | Christian Grothoff | Status | resolved => closed |
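
The self-contained token sketched in the notes above (account/instance, scope, creation timestamp, expiration, EdDSA signature), as an added example that is not the Taler backend's code. The token layout, the function names and the `validAfter` map are assumptions, and Node's built-in Ed25519 stands in for the backend's signing.

```javascript
// Added illustration; the token layout and all names here are assumptions,
// not GNU Taler's actual /login token format.
const crypto = require('node:crypto');

// Constructed key pair standing in for the backend's signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Per-account "tokens created before this are void" marker (forced logout).
// This is the only server-side state; there is no per-token table.
const validAfter = new Map();

const b64u = (buf) => Buffer.from(buf).toString('base64url');

function issueToken(account, scope, now, lifetimeSec) {
  const body = b64u(JSON.stringify({ account, scope, iat: now, exp: now + lifetimeSec }));
  // Ed25519 takes no separate digest, hence the null algorithm argument.
  const sig = crypto.sign(null, Buffer.from(body), privateKey);
  return `${body}.${b64u(sig)}`;
}

function verifyToken(token, account, requiredScope, now) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [body, sig] = parts;
  // Check the signature before parsing anything the client controls.
  const good = crypto.verify(null, Buffer.from(body), publicKey, Buffer.from(sig, 'base64url'));
  if (!good) return { ok: false, reason: 'bad-signature' };
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
  if (claims.account !== account) return { ok: false, reason: 'wrong-account' };
  if (claims.scope !== requiredScope) return { ok: false, reason: 'wrong-scope' };
  if (now >= claims.exp) return { ok: false, reason: 'expired' };
  // Creation timestamp older than the account's marker: token was revoked.
  if (claims.iat < (validAfter.get(account) ?? 0)) return { ok: false, reason: 'logged-out' };
  return { ok: true, claims };
}

// Forced logout: void every token issued to the account up to and including `now`.
function forceLogout(account, now) {
  validAfter.set(account, now + 1);
}
```

The SPA would keep only the returned token, so the user's password never needs to sit in local storage.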