Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introspect JWT token #3

Open
eabili0 opened this issue May 3, 2019 · 2 comments
Open

Introspect JWT token #3

eabili0 opened this issue May 3, 2019 · 2 comments
Assignees
@eabili0
Labels
enhancement New feature or request

Comments

@eabili0
Copy link
Contributor

eabili0 commented May 3, 2019

IntrospectToken should check if the token is a JWT, and open it locally (without going to hydra)
@eabili0 eabili0 added the enhancement New feature or request label May 3, 2019
@eabili0 eabili0 self-assigned this May 3, 2019
@claudiosegala
Copy link
Contributor

claudiosegala commented Oct 28, 2019
edited
Loading

@abilioesteves just to confirm, the steps to this would be something like:

Configure

  1. Retrieve Hydra Public Certificate (HPC) with Json Web Keys Endpoint
  2. Store in HydraClient Struct

Instrospect Modification

  1. Verify if the token is JWT
    Possible using this regex: /^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/;, source.
  2. Validate Access Token JWT with HPC
  3. Return the info contained in the token

Questions

  • Should I find a dependency to take care of the validation of JWT or build my own? We kinda have implemented some simple version for whisper.

@eabili0
Copy link
Contributor Author

eabili0 commented Oct 28, 2019

Yes! That's correct! @claudiosegala

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eabili0 eabili0

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@eabili0 @claudiosegala