Check if email is allowed to login and create signed JWT
- The endpoint should first check with the TSA policy service if the given email is authorized to use the system.
- If so, the service must generate a JWT and sign it with a preconfigured private key (ENV variable). The signing functionality should be abstracted behind an interface, so that it can later be easily substituted with another signing service/option.
- Token expiration will be configured from an environment variable.
- An HTTP link will be generated at a preconfigured domain (ENV variable), and the link will contain the JWT as a query string parameter.
- An email containing the link will be sent to the given email address.
- The frontend application will receive the request with the token after the user has clicked it.
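
A sketch of the signing and link-building steps above, added here as an example and not taken from the project's code. The `Signer` interface, the Ed25519 key type, the `sub`/`iat`/`exp` claim layout, the `token` parameter name and the `login.example.com` URL are all assumptions; the policy check and the email delivery are left out.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/url"
	"time"
)

// Signer abstracts token signing so the key backend can be swapped later.
type Signer interface {
	Alg() string
	Sign(data []byte) ([]byte, error)
}

type edSigner struct{ key ed25519.PrivateKey } // in-process Ed25519 key (assumed key type)

func (s edSigner) Alg() string                   { return "EdDSA" }
func (s edSigner) Sign(d []byte) ([]byte, error) { return ed25519.Sign(s.key, d), nil }

var b64 = base64.RawURLEncoding // JWT segments are unpadded base64url

// NewToken builds a compact JWT for email that expires ttl after now.
func NewToken(s Signer, email string, now time.Time, ttl time.Duration) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": s.Alg(), "typ": "JWT"})
	claims, _ := json.Marshal(map[string]interface{}{"sub": email, "iat": now.Unix(), "exp": now.Add(ttl).Unix()})
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(claims)
	sig, err := s.Sign([]byte(input))
	if err != nil {
		return "", err
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// LoginLink returns baseURL with the token as its only query parameter.
func LoginLink(baseURL, token string) (string, error) {
	u, err := url.Parse(baseURL)
	if err != nil {
		return "", err
	}
	u.RawQuery = url.Values{"token": {token}}.Encode()
	return u.String(), nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil) // constructed key; the service would load it from ENV
	tok, _ := NewToken(edSigner{priv}, "user@example.com", time.Now(), 15*time.Minute)
	fmt.Println(LoginLink("https://login.example.com/auth", tok))
}
```

A token carried in a query string is recorded in access logs, browser history and Referer headers, so the configured expiration should be kept short and the frontend should drop the parameter from the URL once it has read it.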
Needed external components:
- TSA policy
- Email service or SMTP server (tbd)