Authentication
Mugnsoft components use JSON Web Tokens for access Authorization and Information Exchange.
Mugnsoft Auth
JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. This information can be verified and trusted because it is digitally signed. More info on JWT.
Mugnsoft of course has a built-in user authentication system with password authentication enabled.
Login and short-lived tokens
Mugnsoft uses short-lived tokens of 15min as a mechanism for verifying authenticated users. These short-lived tokens are refreshed at regular interval for an active authenticated user.
An active authenticated user that gets it token refreshed will extend its login access to another 15min. This means that a user can close its browser and come back before now + 15min and still being authenticated.
Mugnsoft Information Exchange
The user that connects the differents Mugnsoft components cannot be changed and its pwd is encrypted and salted at the setup time.
Information Exchange is performed with JWT token, the login access is valid for only 15min, then a refresh token is used for later communication. No configuration is required to set up Information Exchange between webserver/probe(s) and webserver/integrator(s) and probe(s)/integrator(s). This process is automatically performed at startup of the webserver.
In some specific situation where servers' token have expired because of a system crashed, you can resynchronize the JWT communication across all the servers, here’s how to