-
assigned issue to
Authenticated RPC calls using service accouts
Issue #324
resolved
An alternative approach to one described in Issue #323, is to use Google App Engine service accounts to authenticate calls to VidGrind from OceanCron (and vice versa).
Comments (4)
-
reporter -
reporter Researching various approaches, one relatively straightforward method is to use JWT (JSON Web Token) to digitally sign the service account info using a secret that is shared between VidGrind and OceanCron.
-
reporter We can also digitally sign other useful request data as part of the JWT claims object, for example, the site key, rather than passing such data in the clear.
-
reporter - changed status to resolved
- Log in to comment