[Pulp-dev] Pulp 3: using JWT to request a JWT
jaudet at redhat.com
Thu Nov 30 17:21:58 UTC 2017
> Another scenario: someone tcpdumps my traffic (yes, somehow they have the
SSL cert, work with this assumption for now). They can come back 3 days
from now, browse the tcpdump output, and renew the token. That would not be
possible with a short-lived token and no renewal past expiration.
Renewal with expired tokens isn't being proposed. This is a straw man
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pulp-dev