Uploaded image for project: 'AMQ Streams'
  1. AMQ Streams
  2. ENTMQST-1780

[oauth] Ignore claims in JWT tokens that are not relevant to our impl of auth / authz

XMLWordPrintable

    • Icon: Task Task
    • Resolution: Done
    • Icon: Major Major
    • 1.8.0.GA
    • None
    • security
    • None

      We are using keycloak-core library for handling parsing of access tokens / refresh tokens / jwks. When parsing access tokens the library assumes types of standard claims according to OAuth 2.0 / OIDC 1.0 and associated spec drafts. Some of the associated spec drafts have not been finalised and are implemented differently (incompatibly) by different authorization server implementations.

      We need to either find a way to ignore such incompatibilites during token parsing (possibly through patches to keycloak-core library) or switch to a different library altogether that would allow us that.

              Unassigned Unassigned
              marko.strukelj@gmail.com Marko Strukelj
              Maros Orsak Maros Orsak
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: