Iplement whitelist for authenticated clients #179
Milestone
Comments
|
Or add the token as query parameter? Would be a long url and could give problems with embedded devices. A list of clients that can be authenticate via query parameter "shorted" token? Perhaps a MD5 hash of a JWT? |
|
Another approach could be that the connector works like a proxy? (In combination with a whitelist?) |
|
Create a class.token.js that creates a hash of the jwt stored in the database and pass that hash via URL? Instead of just storing the token as string, store a object: {
"token": "yJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"md5": "c915345df82a1a3a273e3630e0bf68a0",
"sha1": "fd9745dfe46131f4fc52f27c3b4bf999511ebd3f",
"crc32": "0xBF10F3AD "
}Or so... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For some clients (e.g. Shelly) its not possible to authenticate, to allow them to call the API, enable a whitelist for specific source IPs.
The text was updated successfully, but these errors were encountered: