Support for Require claim directive #1
Comments
The current state of things is that you cannot (yet) use any native
Unfortunately that will not work for our use case - we want to do the audience validation in the DMZ, which means it must be done in the web tier. Would you recommend we use mod_auth_openidc at this time? Do you expect to support this type of validation in the future?
I recommend that you use mod_auth_openidc for the time being indeed. I am turning this into a feature request.
Would you be able to test the latest commit? I have added support for Require claim directives...
Is there an RPM installer available that I can use to install it on a test server of ours?
Any luck with testing?
Sorry, we had a holiday weekend and I am just getting caught up from that. I should be able to run some tests tomorrow (May 31).
How did it work out?
How do I use these claims? Is it possible to set a specific hd that I want in the jwt? I have tried <Location /secure>
You need
Thank you for the quick reply, is it possible to chain multiple together? I have tried It seems to only take the last item, and the first item is ignored.
By default Apache considers this as a logical OR, in 2.4.x you can use RequireAll to create a logical AND.
<RequireAll>
Require oauth2_claim hd:mySite.com
Require oauth2_claim email:me@mySite.com
</RequireAll>
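The OR-versus-AND behaviour described in the reply above, as an added example that is not part of the thread or of the module's code: a small Python model that reads both forms of the `Require oauth2_claim` block and evaluates them against constructed token claims. The helper names and the matching rule (exact string comparison, any element of a list-valued claim) are assumptions for illustration.

```python
import re

# Constructed config fragments, using only the directives quoted in the thread.
OR_CONF = """
Require oauth2_claim hd:mySite.com
Require oauth2_claim email:me@mySite.com
"""
AND_CONF = """
<RequireAll>
Require oauth2_claim hd:mySite.com
Require oauth2_claim email:me@mySite.com
</RequireAll>
"""

# Constructed token claims (not taken from any real token).
ME = {"hd": "mySite.com", "email": "me@mySite.com"}
COLLEAGUE = {"hd": "mySite.com", "email": "other@mySite.com"}
OUTSIDER = {"hd": "example.org", "email": "x@example.org"}

def parse_policy(conf):
    """Return (mode, [(claim, value), ...]) for one flat authorization block."""
    mode, rules = "any", []  # bare Require lines are OR-ed by Apache 2.4
    for line in conf.splitlines():
        line = line.strip()
        container = re.fullmatch(r"<Require(All|Any)>", line, re.I)
        if container:
            mode = container.group(1).lower()
            continue
        rule = re.fullmatch(r"Require\s+oauth2_claim\s+([^:\s]+):(\S+)", line, re.I)
        if rule:
            rules.append((rule.group(1), rule.group(2)))
    return mode, rules

def claim_matches(claims, name, expected):
    # Assumption: exact match; a list-valued claim matches on any element.
    value = claims.get(name)
    values = value if isinstance(value, list) else [value]
    return expected in [str(v) for v in values if v is not None]

def authorized(conf, claims):
    mode, rules = parse_policy(conf)
    if not rules:
        return False  # no claim rule present: this model denies
    results = [claim_matches(claims, n, v) for n, v in rules]
    return all(results) if mode == "all" else any(results)

if __name__ == "__main__":
    for label, claims in (("me", ME), ("colleague", COLLEAGUE), ("outsider", OUTSIDER)):
        print(label, "OR:", authorized(OR_CONF, claims), "AND:", authorized(AND_CONF, claims))
```

With the two bare `Require` lines, any token carrying the `hd` value is admitted even when the `email` differs; inside `<RequireAll>` only the token matching both claims is.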
Again, thank you for the quick response! I appreciate the work you have done with this and helping those that don't have the strong understanding of OAuth & Apache that you do.
We were looking to use mod_auth_openidc as a resource server, but saw the deprecation comments in the sample config referencing this plug-in. We need to validate the audience (aud) field in our access token. Is this supported? I reviewed the sample config file provided, but did not see a way to do this.