T
Tim Kuehn
Guest
If you create a client-princpal object, that'll give you a sealed token you can use for an authorized user. The CP object also has a SESSION-ID attribute you can then pass to the client and the client can pass back in on each API call. The SESSION-ID can then be used to get the CP object, verify that it hasn't expired, and then used to assert the user's ID for the duration of the call.
Continue reading...
Continue reading...