Add support for UserIdentityToken
Requirements
Client side
- being able to send a
UserIdentityToken
of typeAnonymousIdentityToken
orUserNameIdentityToken
when activating a session, - being able to send an encrypted
UserIdentityToken
, - to fill its
policyId
field, the client shall keep theUserIdentityTokens
array of theCreateSessionResponse
of the current session, to be able to find a matchingUserTokenPolicy
and itspolicyId
, - the application should pass identification tokens while creating the session.
Server side
- receive a (maybe encrypted)
UserIdentityToken
, - find the corresponding
UserTokenPolicy
, - callback the application to validate a
username:password
, - associate user rights to the user:
- read service,
- write service.
Edited by Pierre-Antoine BRAMERET