Re: [abacus] Securing REST endpoints using OAuth bearer access token
Exactly. We're already using the jsonwebtoken  library for the handlingtoggle quoted message Show quoted text
of JWT tokens. The work we've been discussing here is more about
integrating that token validation and the authorization logic in the rest
of our code, and in particular where do we hook the token validation,
before or after our incoming request validation code?
For a more comprehensive authentication solution (which we've not really
started to work on), I'd suggest to look at a library like Passport  for
example which works well with the Express framework we're using and comes
with all kind of authentication strategy plugins, incl. support for JWT
with these plugins  for example.
On Wed, Sep 30, 2015 at 5:30 PM, Filip Hanik <fhanik(a)pivotal.io> wrote:
I wouldn't recommend writing this library by hand when there are plenty of