Allow configuration of JWT for access token on a per client basis #638

Closed
nynymike opened this Issue Aug 31, 2017 · 3 comments

nynymike commented Aug 31, 2017

It would be nice if oxAuth could be configured to return a signed JWT access token from the /token endpoint that has the following claims (per https://tools.ietf.org/html/rfc7662#section-2.2)

  1. aud
  2. sub
  3. iat
  4. scope
  5. iss
  6. exp

We also need another client configuration parameter for access_token_signing_alg.

Note this token should not be prefixed (see #804).

@nynymike nynymike added this to the CE 3.2.0 milestone Aug 31, 2017

@nynymike nynymike modified the milestones: 3.2.0, 3.1.4 Mar 6, 2018

@nynymike nynymike assigned yuriyz and unassigned qbert2k Aug 22, 2018

yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Aug 24, 2018

setup: added oxAccessTokenAsJwt and oxAccessTokenSigningAlg attributes to oxAuthClient OC. Also re-generated schema files based on gluu_schema.json.

GluuFederation/oxAuth#638

yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Aug 24, 2018

setup: added oxAccessTokenAsJwt and oxAccessTokenSigningAlg attributes to oxAuthClient OC. Also re-generated schema files based on gluu_schema.json.

GluuFederation/oxAuth#638

(cherry picked from commit 0ada2b5)

yuriyz commented Aug 24, 2018

Client has:

  • access_token_as_jwt - boolean value to indicate whether to return access_token as JWT or not (default value is false);
  • access_token_signing_alg - signing algorithm used to sign JWT.

yuriyz added a commit that referenced this issue Aug 24, 2018

#638 : fixed oxauth client to pass access_token_as_jwt and access_token_signing_alg. Fixed bug with signing. Added client http test for access_token as jwt.

#638

yuriyz added a commit that referenced this issue Aug 24, 2018

#638 : fixed oxauth client to pass access_token_as_jwt and access_token_signing_alg. Fixed bug with signing. Added client http test for access_token as jwt.

#638

(cherry picked from commit 978ff6a)

yuriyz added a commit that referenced this issue Aug 24, 2018

#638 : fixed signing bug
#638

(cherry picked from commit 0d67798)

yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018

yuriyz added a commit that referenced this issue Aug 24, 2018

#638 : fixed AccessTokenAsJwtHttpTest
#638

(cherry picked from commit 644b5d3)

yuriyz added a commit to GluuFederation/docs-ce-prod that referenced this issue Aug 29, 2018

yuriyz commented Aug 29, 2018

JWT access_tokens are returned as bearer, thus introspection token_type=bearer.
Authorization: Bearer eyJhbGci...<snip>...yu5CSpyHI. It will make client code consume JWT tokens as bearer, and at the same time an RP that cares about JWT can just parse it.
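
An RP-side check for the JWT access token described in this issue, added here as an example (not oxAuth code and not code from the thread): it pins the algorithm to the client's configured access_token_signing_alg and requires the six claims listed in the issue. HS256 with a shared secret, the function names and the sample values are assumptions chosen so the block runs with the standard library only.

```python
import base64, hashlib, hmac, json, time

REQUIRED = ("aud", "sub", "iat", "scope", "iss", "exp")  # claims listed in the issue

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign_hs256(claims, secret):
    """Build a constructed sample token (stands in for the /token response)."""
    header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url_encode(mac)}"

def validate_access_token(auth_header, secret, expected_alg, issuer, audience, now=None):
    """Return the claims if the bearer JWT passes every check, else raise ValueError."""
    scheme, _, token = auth_header.partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a bearer token")
    try:
        h, p, s = token.split(".")
        alg = json.loads(b64url_decode(h))["alg"]
        sig = b64url_decode(s)
    except Exception:
        raise ValueError("malformed JWT") from None
    # Pin the algorithm to the client's configured access_token_signing_alg;
    # never let the token header choose it (rejects "none" and algorithm swaps).
    # This example only implements HS256 (assumption).
    if alg != expected_alg or expected_alg != "HS256":
        raise ValueError("unexpected signing algorithm")
    mac = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, sig):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    missing = [c for c in REQUIRED if c not in claims]
    if missing:
        raise ValueError("missing claims: " + ",".join(missing))
    now = time.time() if now is None else now
    if claims["exp"] <= now:
        raise ValueError("token expired")
    if claims["iss"] != issuer:
        raise ValueError("wrong issuer")
    aud = claims["aud"]
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    return claims
```

With an asymmetric access_token_signing_alg the HMAC comparison is replaced by a signature check against the issuer's published key; the algorithm pinning and claim checks stay the same.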

yuriyz commented Aug 31, 2018

done in 3.1.4 and master

@yuriyz yuriyz closed this Aug 31, 2018

shmorri added a commit to GluuFederation/docs-ce-prod that referenced this issue Sep 21, 2018

Update 3.1.x-intro.md
Added update for issue [638](GluuFederation/oxAuth#638)