I’m building an API that will use JSON Web Tokens (JWTs), and I’m wondering about how that will fit in with Crossbar.
Usually a client will authenticate with the authentication server and receive a refresh and access token. The client will then use the
access token (which has a short expiration time) to access protected resources. Once the access token has expired, the client
will use the refresh token (long expiration time) to get a new access token.
My question is how or if this would work with Crossbar? My understanding is that if a client were to authenticate to Crossbar
with an access token, once the authentication happens, the client could stay authenticated for the duration of the
websocket (ignoring the access token expiration).
Is there a way in which this design would work, or should I not even be trying to use JWTs with Crossbar?
If JWTs would be an acceptable way to authenticate/authorize to Crossbar, could this be supported in the future?
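The gap described in the question, shown as an added example that is not part of the original post and uses no Crossbar API: a token verified once at connect stays "valid" forever unless the session itself is bound to the token's `exp`. The `Session` class, the secret and the HS256 tokens are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-secret"  # constructed key, for this example only

def _b64(data: bytes) -> bytes:
    return base64.urlsafe_b64encode(data).rstrip(b"=")

def _unb64(data: bytes) -> bytes:
    return base64.urlsafe_b64decode(data + b"=" * (-len(data) % 4))

def _sign(msg: bytes) -> bytes:
    return _b64(hmac.new(SECRET, msg, hashlib.sha256).digest())

def issue(sub: str, exp: int) -> str:
    """Constructed HS256 access token, standing in for the authentication server."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": exp}).encode())
    return b".".join((head, body, _sign(head + b"." + body))).decode()

def verify(token: str, now: int) -> dict:
    """Check structure, pinned algorithm, signature and exp; return the claims."""
    try:
        head, body, sig = token.encode().split(b".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise ValueError
    except ValueError:
        raise ValueError("malformed token") from None
    if header.get("alg") != "HS256" or not hmac.compare_digest(sig, _sign(head + b"." + body)):
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        raise ValueError("token expired or exp missing")
    return claims

class Session:
    """Hypothetical per-connection state for a long-lived websocket."""
    def __init__(self, token: str, now: int):
        self.claims = verify(token, now)      # checked once, at connect
    def allow_naive(self, now: int) -> bool:
        return True                           # authenticated at open, never re-checked
    def allow_bound(self, now: int) -> bool:
        return now < self.claims["exp"]       # re-checked on every message
    def refresh(self, token: str, now: int) -> None:
        claims = verify(token, now)           # new access token sent over the open socket
        if claims["sub"] != self.claims["sub"]:
            raise ValueError("subject mismatch")
        self.claims = claims
```

A server using the bound check would close the connection, or reject messages, once `allow_bound` returns false and no fresh token has been presented through `refresh`.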