[sr-dev] [kamailio] Is cross module function call a good practice? (#50)
mading087
notifications at github.com
Fri Jan 23 16:44:34 CET 2015
JSON Web Token usually has 3 parts: header, claim set, and signature. For example,
header: {"typ":"JWT", "alg":"RS256"}
claims: {"iss":"joe","iss":http://id.server.com","sub":<user>@<sipdomain>",exp":1300819380, "http://example.com/is_root":true}
signature: RSA signature on hash of {base64(header) ||"."||base64(claims)}
In addition to validate the signature, we'd also need to check the "sub" (subject) to make sure the user is in the database (sip table). It seems the simplest way is to check if the <user> and <sipdomain> from "sub" belong to a valid record in sip table.
---
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/50#issuecomment-71212126
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-dev/attachments/20150123/30e23ec0/attachment.html>
More information about the sr-dev
mailing list