Uploaded image for project: 'PicketLink'
  1. PicketLink
  2. PLINK-400

Stateless behavior to the Identity bean

    Details

      Description

      Currently, the Identity bean is session scoped.

      In order to better support some RESTful and mobile use cases, we need to provide a stateless version of the Identity bean. The reason is because some use cases, like someone writing a RESTful API, don't require a session for each authenticated user, but only check whether the provided credentials are valid or not.

      A good example is a REST API providing an authentication endpoint. Where this endpoint only returns a token (JWT, for example) after the authentication. Subsequent calls to other services would just validate the token, instead of relying on the session to know when an client request was previously authenticated or not.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  pcraveiro Pedro Igor Silva
                  Reporter:
                  pcraveiro Pedro Igor Silva
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  1 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: