Session tokens must always contain clientId, userId (if any) and the list of allowed permissions

Right now we are generating two kind of session tokens:

- For the admin user, with a payload like:
```json
{
  "id": "admin",
  "scope": "admin"
}
```
- For regular users, with a payload like:
```json
{
  "id": {
    "opaqueId": "facebook_id",
    "provider": "facebook",
    "clientKey": "02e9c7"
  },
  "scope": "user"
}
```

Session tokens must always contain a client key, a list of allowed permissions, and may have or may not have a user associated. So we should end up with:

- Anonymous session tokens:
```json
{ 
  "clientId": "1234567890987654321",
  "scopes": ["sensorthings"]
}
```
- User session tokens:
```json
{
  "clientId": "1234567890987654321",
  "userId": {
    "opaqueId": "facebook_id",
    "idp": "facebook"
  },
  "scopes": ["sensorthings"]
}
```

The list of permissions is tbd in #53 

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Session tokens must always contain clientId, userId (if any) and the list of allowed permissions #68

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Session tokens must always contain clientId, userId (if any) and the list of allowed permissions #68

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions