Add support to provide a custom claim name as authorization claim field #553
Assignees
Labels
Area/Security
Issues related to stdlib security
module/jwt
Type/Improvement
Verson/SwanLakeDump
All issues planned for Swan Lake GA release
Milestone
Comments
ldclakmal
added
the
Verson/SwanLakeDump
45 tasks
|
Authorization logic is currently limited on the scope attribute in every authentication mechanism (Basic Auth, JWT, OAuth2, LDAP). We need to improve this current ABAC approach providing the flexibility to user to build up own logic of authorization without limiting to the scope attribute we have now. But, from an implementation perspective, we must think carefully about how we can make it generic against all the authentication providers we support now, and we are yet to support. Also, apart from "static values" of the given attributes, we may have to consider how we can handle "dynamic values" of the given attributes, which may be used for authorization decisions. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
User may need to provide the claim name which is used for authorizations in JWT. By default, we use
scopesclaim for this [1]. But that can be changed, or this can be dynamic.Ex. Okta uses
scpas the claim.[1] https://github.com/ballerina-platform/module-ballerina-jwt/blob/v1.0.3/jwt-ballerina/src/jwt/inbound_jwt_auth_provider.bal#L119
The text was updated successfully, but these errors were encountered: