Add ability to specify JWT secret used by server #765
Comments
|
Config is in place but restarting the server should not require logging in again… but it still does. |
Looks like I wound up here yesterday! #1363 (comment) The legacy IMS app relies entirely on the TWISTED_SESSION cookie to authenticate the user. If the server restarts, that TWISTED_SESSION is no longer valid. It's conceivable that the legacy app could instead also get itself a bearer token on login, then use that to create a new Twisted session anytime the old session is no longer valid. I've poked around with that a bit. The new IMS app uses bearer tokens instead, but it also sends over the TWISTED_SESSION cookie to the server. If that cookie value is important even in the new app, then this change might be necessary on the server-side. #1363 (comment) |
Add ability to specify JWT secret used by server, so that we can share the secret across application instances (required for >1 instance) and the Clubhouse (required for shared sign-in with Clubhouse).
The text was updated successfully, but these errors were encountered: