Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow configuration of JWT for access token on a per client basis #638

Closed
nynymike opened this issue Aug 31, 2017 · 3 comments
Closed

Allow configuration of JWT for access token on a per client basis #638

nynymike opened this issue Aug 31, 2017 · 3 comments
Assignees
@yuriyz
Labels
enhancement libs update, re-factroring, etc.
Milestone
3.1.4

Comments

@nynymike
Copy link
Contributor

nynymike commented Aug 31, 2017
edited by yuriyz

It would be nice if oxAuth could be configured to return a signed JWT access token from the /token endpoint that has the following claims (per https://tools.ietf.org/html/rfc7662#section-2.2)

  1. aud
  2. sub
  3. iat
  4. scope
  5. iss
  6. exp

We also need another client configuration parameter for access_token_signing_alg

Note this token should not be prefixed (see #804)
@nynymike nynymike added the enhancement libs update, re-factroring, etc. label Aug 31, 2017
@nynymike nynymike added this to the CE 3.2.0 milestone Aug 31, 2017
@nynymike nynymike mentioned this issue Aug 31, 2017
Closed
@nynymike nynymike modified the milestones: 3.2.0, 3.1.4 Mar 6, 2018
@nynymike nynymike assigned yuriyz and unassigned qbert2k Aug 22, 2018
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Aug 24, 2018
@yuriyz
setup: added oxAccessTokenAsJwt and oxAccessTokenSigningAlg attribute…
0ada2b5 
…s to oxAuthClient OC. Also re-generated schema files based on gluu_schema.json.

GluuFederation/oxAuth#638
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Aug 24, 2018
@yuriyz
setup: added oxAccessTokenAsJwt and oxAccessTokenSigningAlg attribute…
1890ebe 
…s to oxAuthClient OC. Also re-generated schema files based on gluu_schema.json.

GluuFederation/oxAuth#638

(cherry picked from commit 0ada2b5)
@yuriyz
Copy link
Contributor

yuriyz commented Aug 24, 2018
edited

Client have:

  • access_token_as_jwt - boolean value to indicate whether return access_token as jwt or not (default value is false);
  • access_token_signing_alg - signing algorithm used to sign jwt.

yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : added ability to return access_token as JWT which is configura…
3cbbc54 
…ble on client

#638
yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : added ability to return access_token as JWT which is configura…
27e1038 
…ble on client

#638

(cherry picked from commit 3cbbc54)
yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : fixed oxauth client to pass access_token_as_jwt and access_tok…
978ff6a 
…en_signing_alg. Fixed bug with signing. Added client http test for access_token as jwt.

#638
yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : fixed signing bug
0d67798 
#638
yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : fixed oxauth client to pass access_token_as_jwt and access_tok…
7c0ed0e 
…en_signing_alg. Fixed bug with signing. Added client http test for access_token as jwt.

#638

(cherry picked from commit 978ff6a)
yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : fixed signing bug
1333f21 
#638

(cherry picked from commit 0d67798)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : Added accessTokenAsJwt and accessTokenSigningAlg to client …
b485092 
…properties

#703
GluuFederation/oxAuth#638
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : accessTokenSigningAlg string -> SignatureAlgorithm
b60553c 
#703
GluuFederation/oxAuth#638
yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : fixed AccessTokenAsJwtHttpTest
644b5d3 
#638
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : accessTokenAtJwt boolean -> GluuBoolean
a056d60 
#703
GluuFederation/oxAuth#638
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : accessTokenAtJwt boolean -> GluuBoolean
f0d4073 
#703
GluuFederation/oxAuth#638
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : removed accessTokenAtJwt from summary page
666b6f2 
#703
GluuFederation/oxAuth#638
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : isAccessTokenAsJwt -> getAccessTokenAsJwt
0ed42aa 
#703
GluuFederation/oxAuth#638
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : set default value on UI AccessTokenAsJwt=false
7ce9c7c 
#703
GluuFederation/oxAuth#638
yuriyz added a commit that referenced this issue Aug 24, 2018
@yuriyz
#638 : fixed AccessTokenAsJwtHttpTest
949c3a9 
#638

(cherry picked from commit 644b5d3)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : Added accessTokenAsJwt and accessTokenSigningAlg to client …
14ae430 
…properties

#703
GluuFederation/oxAuth#638

(cherry picked from commit b485092)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : accessTokenSigningAlg string -> SignatureAlgorithm
26d0772 
#703
GluuFederation/oxAuth#638

(cherry picked from commit b60553c)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : accessTokenAtJwt boolean -> GluuBoolean
f754497 
#703
GluuFederation/oxAuth#638

(cherry picked from commit a056d60)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : accessTokenAtJwt boolean -> GluuBoolean
fb0478e 
#703
GluuFederation/oxAuth#638

(cherry picked from commit f0d4073)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : removed accessTokenAtJwt from summary page
0a84ccc 
#703
GluuFederation/oxAuth#638

(cherry picked from commit 666b6f2)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : isAccessTokenAsJwt -> getAccessTokenAsJwt
473c043 
#703
GluuFederation/oxAuth#638

(cherry picked from commit 0ed42aa)
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Aug 24, 2018
@yuriyz
oxtrust : set default value on UI AccessTokenAsJwt=false
954877a 
#703
GluuFederation/oxAuth#638

(cherry picked from commit 7ce9c7c)
yuriyz added a commit to GluuFederation/docs-ce-prod that referenced this issue Aug 29, 2018
@yuriyz
docs : added docs about access_token as JWT
f2945b2 
GluuFederation/oxAuth#638
3.1.4
@yuriyz
Copy link
Contributor

yuriyz commented Aug 29, 2018

JWT access_token are returned as bearer thus introspection token_type=bearer.
Authorization: Bearer eyJhbGci...<snip>...yu5CSpyHI. It will make client code consume jwt tokens as bearer and at the same time RP that cares about JWT can just parse it.

@yuriyz yuriyz mentioned this issue Aug 29, 2018
Closed
yuriyz added a commit that referenced this issue Aug 31, 2018
@yuriyz
#638 : added check on issuer to AccessTokenAsJwtHttpTest
0ce67a2 
#638
yuriyz added a commit that referenced this issue Aug 31, 2018
@yuriyz
#638 : added check on issuer to AccessTokenAsJwtHttpTest
68f784d 
#638

(cherry picked from commit 0ce67a2)
@yuriyz
Copy link
Contributor

yuriyz commented Aug 31, 2018

done in 3.1.4 and master

@yuriyz yuriyz closed this as completed Aug 31, 2018
shmorri added a commit to GluuFederation/docs-ce-prod that referenced this issue Sep 21, 2018
@shmorri
Update 3.1.x-intro.md
ae03519 
Added update for issue [638](GluuFederation/oxAuth#638)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yuriyz yuriyz

Labels
enhancement libs update, re-factroring, etc.
Projects
None yet
Milestone
3.1.4
Development

No branches or pull requests
3 participants
@yuriyz @qbert2k @nynymike