stoney core: OpenLDAP directory data organisation

836 bytes added, 13:10, 13 April 2021
==== People - Person - JSON Web Tokens (JWT) ====
With JSON Web Tokens (JWT), logging out only means that the client discards the token. Anyone who still holds a copy of the token can keep making API requests with it until it expires. In other words, a real "log out" does not exist and cannot be implemented with the token alone. The usual answer is a "revocation list" or "black list" of revoked tokens. This makes the API stateful, because that list has to be stored somewhere. In our case, we store the JSON Web Tokens in a leaf beneath the person (as these tokens are personal).
Below each person entry, we have a token sub tree which stores the person's JSON Web Tokens. In the example below, the JSON Web Token <code>sstToken=2e211493-41e6-4c74-9431-b5d990b177a4</code> points to the virtual machine b543f88f-dffe-426f-86d3-c7ff85c16d2a and the uidTokens 1234567.
<source lang='ldif'>
dn: ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: organizationalUnit
ou: tokens
description: The sub tree for the tokens of the person with the uid 4000002
</source>
Each JSON Web Token (JWT) receives its own child entry to store additional metadata, such as the token's creation date, last utilisation date, ...
 
In the example below, the JSON Web Token <code>sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4</code> has to
<source lang='ldif'>
dn: sstToken=2e211493-41e6-4c74-9431-b5d990b177a4,ou=tokens,uid=4000002,ou=people,dc=stoney-cloud,dc=org
objectclass: top
objectclass: sstTokenObjectClass
sstToken: 2e211493-41e6-4c74-9431-b5d990b177a4
description: The sub tree for the tokens of the person with the uid 4000002
</source>
 
The API makes sure that the number of remote IP addresses and requesting User-Agents registered for a token does not exceed a configurable limit (for example: 2). If the limit is exceeded, the session is invalidated.
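The stateful check described in this section, as an added example that is not part of stoney core: the ou=tokens sub tree is simulated as a dict keyed by DN so it runs offline, a "log out" deletes the token leaf, and every request records the caller's remote IP and User-Agent against the entry, invalidating the session once either set grows past the limit. The attribute names sstTokenRemoteIP and sstTokenUserAgent are assumptions, not schema shown on the page.

```python
from dataclasses import dataclass, field

BASE = "ou=people,dc=stoney-cloud,dc=org"
MAX_DISTINCT = 2  # the configurable limit from the text, example value 2


@dataclass
class TokenEntry:
    """One sstToken leaf beneath ou=tokens of a person."""
    sst_token: str
    remote_ips: set = field(default_factory=set)     # assumed attr sstTokenRemoteIP
    user_agents: set = field(default_factory=set)    # assumed attr sstTokenUserAgent


class TokenDirectory:
    """Minimal stand-in for the LDAP token sub tree (dict keyed by DN)."""

    def __init__(self):
        self.entries = {}

    @staticmethod
    def dn(uid, token):
        return f"sstToken={token},ou=tokens,uid={uid},{BASE}"

    def register(self, uid, token):
        """Login: create the token leaf so the token becomes valid."""
        self.entries[self.dn(uid, token)] = TokenEntry(token)

    def revoke(self, uid, token):
        """Logout (or forced invalidation): delete the leaf."""
        self.entries.pop(self.dn(uid, token), None)

    def authorize(self, uid, token, remote_ip, user_agent):
        """True only if the token is still registered and within the IP/UA limit."""
        entry = self.entries.get(self.dn(uid, token))
        if entry is None:
            return False  # revoked, expired-and-purged, or never issued
        entry.remote_ips.add(remote_ip)
        entry.user_agents.add(user_agent)
        if len(entry.remote_ips) > MAX_DISTINCT or len(entry.user_agents) > MAX_DISTINCT:
            self.revoke(uid, token)  # session invalidated, later requests fail
            return False
        return True

    def ldif(self, uid, token):
        """Render the leaf in the LDIF form used on this page (plus assumed attrs)."""
        entry = self.entries[self.dn(uid, token)]
        lines = [f"dn: {self.dn(uid, token)}", "objectclass: top",
                 "objectclass: sstTokenObjectClass", f"sstToken: {entry.sst_token}"]
        lines += [f"sstTokenRemoteIP: {ip}" for ip in sorted(entry.remote_ips)]
        lines += [f"sstTokenUserAgent: {ua}" for ua in sorted(entry.user_agents)]
        return "\n".join(lines)
```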
==== People - Person - Roles (LEGACY) ====