JWT Populate Lambda - Power User Mode #387

Closed
robotdan opened this issue Nov 27, 2019 · 6 comments
@robotdan
Member

robotdan commented Nov 27, 2019

JWT Populate Lambda - Power User Mode

Problem

The JWT Populate lambda is great, but some claims are reserved and cannot be modified.

Reserved claims are as follows:

  • applicationId
  • aud
  • authenticationType
  • email
  • email_verified
  • exp
  • iat
  • iss
  • preferred_username
  • roles
  • sub

If I want to put something else in the JWT in the aud claim I cannot and I get sad. :-(

Solution

I would like to enable a power user mode on this lambda to assume all risk to let me do whatever I want!

Reserved claims:

  • exp
  • iat
  • sub

It should be noted that once you remove applicationId, roles or aud FusionAuth may no longer be able to utilize the token. It will depend upon the workflow, but if you are only intending to use this token with an external service you can do whatever you want.

Alternatives/workarounds

You can modify or add new claims, or namespace claims in another object.

Additional context

Uh... reasons?

Related

#409

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.

@wxsdion

wxsdion commented Dec 3, 2019

Hello,
In my case this is a much needed feature. We are currently migrating to FusionAuth but the new JWT issued is much longer than the tokens on our old system because of all the reserved claims being added by FusionAuth. The new JWTs are longer than 512 characters which is a breaking change for some of our clients.
It would be great to indeed have a power user mode to strip down the token to the claims we only need!

@jerryhopper

yay, this would help me a LOT.

@robotdan robotdan added this to the 1.14.0 milestone Dec 30, 2019
@robotdan robotdan added this to Backlog in FusionAuth Issues via automation Dec 30, 2019
@robotdan robotdan moved this from Backlog to In progress in FusionAuth Issues Jan 14, 2020
@SebastianCanonaco

I really need this!

@robotdan robotdan moved this from In progress to Done in FusionAuth Issues Jan 23, 2020
@robotdan
Member Author

robotdan commented Jan 23, 2020

Available in 1.14.0, no configuration necessary, the lambda will now allow you to modify or remove claims with the exception of iat, exp and sub.

@SebastianCanonaco

SebastianCanonaco commented Jan 23, 2020

Is there documentation about this?
Just a jwt.property = null?

@robotdan
Member Author

@SebastianCanonaco there will be, haven't updated it yet.

But you are correct, to remove a claim in the JWT set it to null in your lambda.
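
A lambda using the behavior described in this thread, as an added example that is not part of the original issue and not FusionAuth's own code. It assumes the `populate(jwt, user, registration)` lambda form; the `applyLambda` harness, the sample claims and the audience URL are constructed here as a local model of the rule stated above (null removes a claim; `iat`, `exp` and `sub` stay fixed).

```javascript
// Added example. Assumes the populate(jwt, user, registration) lambda form.
function populate(jwt, user, registration) {
  // Setting a claim to null removes it from the issued token.
  jwt.applicationId = null;
  jwt.authenticationType = null;
  jwt.email_verified = null;
  jwt.preferred_username = null;
  // Formerly reserved claim, now writable (hypothetical audience value).
  jwt.aud = 'https://api.example.com';
  // iat, exp and sub remain reserved; the harness models that by restoring them.
  jwt.sub = null;
}

const STILL_RESERVED = ['exp', 'iat', 'sub'];

// Offline model of the rule stated in the thread, for exercising a lambda
// before deploying it. Constructed here; NOT FusionAuth's implementation.
function applyLambda(lambda, claims, user, registration) {
  const jwt = { ...claims };
  lambda(jwt, user, registration);
  for (const name of STILL_RESERVED) jwt[name] = claims[name];
  for (const name of Object.keys(jwt)) {
    if (jwt[name] === null || jwt[name] === undefined) delete jwt[name];
  }
  return jwt;
}

// Length of the base64url-encoded payload segment, to track token size.
function payloadLength(claims) {
  const b64 = Buffer.from(JSON.stringify(claims)).toString('base64');
  return b64.replace(/=+$/, '').length;
}

// Constructed sample claims using the claim names listed in the issue.
const SAMPLE_CLAIMS = {
  applicationId: '00000000-0000-0000-0000-000000000001',
  aud: '00000000-0000-0000-0000-000000000001',
  authenticationType: 'PASSWORD',
  email: 'user@example.com',
  email_verified: true,
  exp: 1579800000,
  iat: 1579796400,
  iss: 'auth.example.com',
  preferred_username: 'user',
  roles: ['admin'],
  sub: '00000000-0000-0000-0000-000000000002',
};
const trimmed = applyLambda(populate, SAMPLE_CLAIMS, {}, {});
console.log(trimmed, payloadLength(SAMPLE_CLAIMS), '->', payloadLength(trimmed));
```

Any service that validates `aud` or reads `roles` from the token needs to be checked against the trimmed claim set before the lambda is deployed.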
