TODO - Add unit tests/build info if it's easy to do
This project creates JWTs for clients and then verifies the token later on.
TODO
- subject as user
- id is user
- issuer as root
- expiration of one hour
- HashiCorp Vault is simple to set up and use.
- This can also be passed when starting the server.
- generate tokens
- unit tests
- user as subject
- what claims to use?
- made a quick decision
- verification of token
- unit tests
- tokenManager
- tests
- end-point for generating token
- end-point for validating
- how to store the secret
- using AppConstants for now
- use a vault
- use User without saving it in a db.
- getToken sends username and we generate a UUID for it and use it
- add User to a database
- getToken URI should validate a user Id and return token for it.
Unit tests are a must. I will try to write them as much as possible. I do not want to add integration tests.
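
The token flow the notes above describe (subject as user, issuer as root, one-hour expiry, secret passed in when the server starts), as an added example that is not this project's code. HS256, Python, the `jti` claim carrying the generated UUID, and the `JWT_SECRET` variable name are assumptions; the notes name none of them.

```python
import base64, hashlib, hmac, json, os, time, uuid

ISSUER = "root"       # notes: issuer as root
TTL_SECONDS = 3600    # notes: expiration of one hour

def load_secret(env=os.environ):
    # JWT_SECRET is a hypothetical name; the point is to keep the key out of source constants.
    secret = env.get("JWT_SECRET", "").encode()
    if len(secret) < 32:
        raise RuntimeError("JWT_SECRET must be at least 32 bytes for HS256")
    return secret

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(secret, signing_input):
    return b64(hmac.new(secret, signing_input.encode(), hashlib.sha256).digest())

def generate_token(username, secret, now=None):
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "jti": str(uuid.uuid4()), "iss": ISSUER,
              "iat": now, "exp": now + TTL_SECONDS}
    signing_input = ".".join(b64(json.dumps(part, separators=(",", ":")).encode())
                             for part in (header, claims))
    return signing_input + "." + sign(secret, signing_input)

def verify_token(token, secret, now=None):
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        header = json.loads(unb64(head))
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # rejects "none" and algorithm swaps
    expected = sign(secret, head + "." + body)
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(unb64(body))  # parsed only after the signature checks out
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims
```

Passing `now` explicitly lets unit tests cover the expiry boundary without sleeping or mocking the clock.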