Add support to provide a custom claim name as authorization claim field #553
Authorization logic is currently limited to the scope attribute in every authentication mechanism (Basic Auth, JWT, OAuth2, LDAP). We need to improve this current ABAC approach by giving users the flexibility to build their own authorization logic without being limited to the scope attribute we have now. But, from an implementation perspective, we must think carefully about how we can make it generic across all the authentication providers we support now and those we are yet to support. Also, apart from "static values" of the given attributes, we may have to consider how we can handle "dynamic values" of the given attributes, which may be used for authorization decisions.
User may need to provide the claim name which is used for authorizations in JWT. By default, we use `scopes` claim for this [1]. But that can be changed, or this can be dynamic. Ex. Okta uses `scp` as the claim.

[1] https://github.com/ballerina-platform/module-ballerina-jwt/blob/v1.0.3/jwt-ballerina/src/jwt/inbound_jwt_auth_provider.bal#L119
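An added illustration of the behaviour requested above, written in Python rather than Ballerina and not taken from the module: the authorization claim name is a parameter, the claim value may be a space-delimited string or a list, and anything unexpected fails closed. The function names, the any-of matching rule and the sample payloads are assumptions, and the payload is assumed to come from a token whose signature and expiry were already validated.

```python
from typing import Any, Iterable, Mapping, Set

DEFAULT_CLAIM = "scopes"  # default claim name, as stated in the issue text


def extract_scopes(payload: Mapping[str, Any],
                   claim_name: str = DEFAULT_CLAIM) -> Set[str]:
    """Return the scopes stored under claim_name in a verified JWT payload.

    Accepts a space-delimited string or a list of strings. A missing claim,
    an unexpected type or non-string members yield an empty set, so the
    caller denies access instead of guessing.
    """
    value = payload.get(claim_name)
    if isinstance(value, str):
        return set(value.split())
    if isinstance(value, (list, tuple)) and all(isinstance(v, str) for v in value):
        return {v for v in value if v}
    return set()


def is_authorized(payload: Mapping[str, Any],
                  required: Iterable[str],
                  claim_name: str = DEFAULT_CLAIM) -> bool:
    """Assumed rule: allow when the token holds at least one required scope.

    Only the configured claim is consulted; other scope-like claims in the
    payload are ignored, and an empty requirement list denies.
    """
    return bool(set(required) & extract_scopes(payload, claim_name))


# Constructed sample payloads (not real tokens).
DEFAULT_TOKEN = {"sub": "alice", "scopes": "read write"}
OKTA_STYLE_TOKEN = {"sub": "bob", "scp": ["read", "admin"]}   # list-valued claim
MALFORMED_TOKEN = {"sub": "eve", "scp": {"admin": True}}      # wrong type

if __name__ == "__main__":
    print(is_authorized(DEFAULT_TOKEN, ["write"]))
    print(is_authorized(OKTA_STYLE_TOKEN, ["admin"]))
    print(is_authorized(OKTA_STYLE_TOKEN, ["admin"], claim_name="scp"))
    print(is_authorized(MALFORMED_TOKEN, ["admin"], claim_name="scp"))
```

With the default claim name the Okta-style token is denied even though it carries `admin` under `scp`, which is the gap the issue describes.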