Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-36852

Dashboard should use JWT to find the authenticated user

    XMLWordPrintable

Details

    Description

      This removes an extra call to fetch the authenticated user

      Attachments

        Issue Links

          Activity

            jamesdumay James Dumay added a comment -

            vivek is there a guide for frontend developers for using the JWT?

            jamesdumay James Dumay added a comment - vivek is there a guide for frontend developers for using the JWT?
            vivek Vivek Pandey added a comment - jamesdumay yes. UI should do the following: Get Token : https://docs.google.com/document/d/1LrsK4w-PRbQu8aBJXxoaFEvxRjlpIo1Z1k4Sr68ALuY/edit#heading=h.v53y1dtwbdla Verify token and get claim/get user form it: https://docs.google.com/document/d/1LrsK4w-PRbQu8aBJXxoaFEvxRjlpIo1Z1k4Sr68ALuY/edit#heading=h.jw9apl15qatm Call REST API using JWT token: https://docs.google.com/document/d/1LrsK4w-PRbQu8aBJXxoaFEvxRjlpIo1Z1k4Sr68ALuY/edit#heading=h.8opwdiuo6i4k some references: https://jwt.io/ https://github.com/kjur/jsrsasign
            cliffmeyers Cliff Meyers added a comment -

            I think we might want to rename this ticket and tweak the description:

            • Dashboard should integrate with JWT to determine authenticated user
            • Must expose a store that can be shared into the blueocean-personalization plugin
            • Need to enhance "fetch" code to append JWT token to HTTP header
            • Must gracefully handle token expiration issues. If the server returns a 401, the UI must gracefully catch the exception, request a new token from the endpoint, and retry the request... otherwise this expiration issue could bleed through the entire code base
            cliffmeyers Cliff Meyers added a comment - I think we might want to rename this ticket and tweak the description: Dashboard should integrate with JWT to determine authenticated user Must expose a store that can be shared into the blueocean-personalization plugin Need to enhance "fetch" code to append JWT token to HTTP header Must gracefully handle token expiration issues. If the server returns a 401, the UI must gracefully catch the exception, request a new token from the endpoint, and retry the request... otherwise this expiration issue could bleed through the entire code base

            People

              imeredith Ivan Meredith
              jamesdumay James Dumay
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: