JSON Web Token usually has 3 parts: header, claim set, and signature. For example,
header: {"typ":"JWT", "alg":"RS256"}
claims: {"iss":"joe","iss":"http://id.server.com","sub":@","exp":1300819380, "http://example.com/is_root":true}
signature: RSA signature on hash of {base64(header) ||"."||base64(claims)}

In addition to validating the signature, we'd also need to check the "sub" (subject) to make sure the user is in the database (sip table). It seems the simplest way is to check whether the and from "sub" belong to a valid record in the sip table.

