[Pulp-dev] Pulp 3: using JWT to request a JWT

Jeremy Audet jaudet at redhat.com
Thu Nov 30 17:21:58 UTC 2017

Good points.

> Another scenario: someone tcpdumps my traffic (yes, somehow they have the
SSL cert, work with this assumption for now). They can come back 3 days
from now, browse the tcpdump output, and renew the token. That would not be
possible with a short-lived token and no renewal past expiration.

Renewal with expired tokens isn't being proposed. This is a straw man
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pulp-dev/attachments/20171130/3fb63ad5/attachment.htm>

More information about the Pulp-dev mailing list