[policy] [jwt] Using the aud field as a fallback for application reference #1235

Closed
NFortun opened this Issue May 9, 2018 · 1 comment


NFortun commented May 9, 2018

When an Endpoint uses the JWT plan, if there is no client_id field, Gravitee could use the aud field. This field is a standard in JWT.

Expected Behavior

Calling an endpoint with a jwt plan with no client_id in it. Gravitee will look into the aud field and validate or not the request.

Current Behavior

Calling an endpoint with a jwt plan with no client_id returns a 401 error, access_denied.

Context

I'm trying to provide a secure way to call APIs via jwt authentication. I get a generic Identity Server (WSO2) that generates a jwt for a user. The client_id is written in the aud field and not in a client_id field.

Your Environment

  • Version used:
  • Browser Name and version: Firefox 59.0.3
  • Operating System and version: Debian 9.3

@NFortun NFortun changed the title from JWT - Using the aud field as a fallback to [JWT] - Using the aud field as a fallback May 9, 2018

@brasseld brasseld changed the title from [JWT] - Using the aud field as a fallback to [policy] [jwt] Using the aud field as a fallback for application reference May 9, 2018

NFortun commented May 17, 2018

Another possibility is to use the azp field. It is the authorized party to which the token was issued.

brasseld added a commit to gravitee-io/gravitee-policy-jwt that referenced this issue May 30, 2018

@brasseld brasseld self-assigned this May 30, 2018

brasseld added a commit to gravitee-io/gravitee-policy-jwt that referenced this issue May 30, 2018

@brasseld brasseld added this to the 1.17.0 milestone Jun 1, 2018

aelamrani added a commit to gravitee-io/gravitee-policy-jwt that referenced this issue Jun 7, 2018
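
The fallback requested in this issue, sketched as an added example (not Gravitee's code, and not posted by anyone in the thread). The lookup order client_id, aud, azp, the rejection of a multi-valued aud with no matching azp, and the names `resolve_client_id`, `authorize` and `SUBSCRIPTIONS` are assumptions made for illustration.

```python
# Claims are assumed to come from a token whose signature, exp and iss
# were already verified. Lookup order (client_id, aud, azp) is an assumption.
class AmbiguousClient(Exception):
    """The claims do not identify exactly one client."""

def _as_list(value):
    # RFC 7519: "aud" is either a single string or an array of strings.
    if isinstance(value, str):
        return [value]
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return value
    return []

def resolve_client_id(claims):
    """Return the client id, or None when no usable claim is present."""
    client_id = claims.get("client_id")
    if isinstance(client_id, str) and client_id:
        return client_id
    audiences = [a for a in _as_list(claims.get("aud")) if a]
    azp = claims.get("azp")
    if len(audiences) == 1:
        return audiences[0]
    if len(audiences) > 1:
        # Several audiences: only azp can say which one is the caller.
        if isinstance(azp, str) and azp in audiences:
            return azp
        raise AmbiguousClient("multi-valued aud without a matching azp")
    return azp if isinstance(azp, str) and azp else None

def authorize(claims, subscriptions):
    """Return (status, application). `subscriptions` is a hypothetical
    client_id -> application table standing in for the gateway's plan data."""
    try:
        client_id = resolve_client_id(claims)
    except AmbiguousClient:
        return 401, None
    app = subscriptions.get(client_id) if client_id else None
    return (200, app) if app else (401, None)

# Constructed sample data (not from the issue).
SUBSCRIPTIONS = {"app-123": "billing-portal"}
WSO2_STYLE = {"sub": "alice", "aud": "app-123"}  # client id only in aud
MULTI_AUD = {"sub": "alice", "aud": ["api", "app-123"], "azp": "app-123"}
NO_AZP = {"sub": "alice", "aud": ["api", "app-123"]}

if __name__ == "__main__":
    for c in (WSO2_STYLE, MULTI_AUD, NO_AZP):
        print(c, "->", authorize(c, SUBSCRIPTIONS))
```

Failing closed on an ambiguous aud keeps a token issued for several audiences from being matched to whichever subscription happens to come first in the array.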
