  1. AMQ Streams
  2. ENTMQST-1780

[oauth] Ignore claims in JWT tokens that are not relevant to our impl of auth / authz


Details

    • Task
    • Resolution: Done
    • Major
    • 1.8.0.GA
    • None
    • security
    • None

    Description

      We are using keycloak-core library for handling parsing of access tokens / refresh tokens / jwks. When parsing access tokens the library assumes types of standard claims according to OAuth 2.0 / OIDC 1.0 and associated spec drafts. Some of the associated spec drafts have not been finalised and are implemented differently (incompatibly) by different authorization server implementations.

      We need to either find a way to ignore such incompatibilities during token parsing (possibly through patches to keycloak-core library) or switch to a different library altogether that would allow us that.
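
One way to parse a token payload so that only the claims used for authentication and authorization are type-checked, while every other claim is passed over whatever its JSON type. This is an added example, not AMQ Streams or keycloak-core code; the claim set, the `x_draft_claim` name used in testing and the helper names are assumptions, and signature verification is assumed to have been done before this step.

```python
import base64
import json

# Assumption: the claims this hypothetical broker uses for authn/authz and the
# JSON types it accepts for each. All other claims are never type-checked.
RELEVANT = {"sub": (str,), "exp": (int, float), "aud": (str, list), "scope": (str, list)}
REQUIRED = ("sub", "exp")


def _b64url(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def relevant_claims(token):
    """Parse the payload of an already signature-verified compact JWT and
    return only the RELEVANT claims, type-checked and normalised."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS token")
    payload = json.loads(_b64url(parts[1]))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    out = {}
    for name, types in RELEVANT.items():
        if name not in payload:
            if name in REQUIRED:
                raise ValueError(f"missing required claim: {name}")
            continue
        value = payload[name]
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, types):
            raise ValueError(f"claim {name} has unsupported type {type(value).__name__}")
        if isinstance(value, list) and not all(isinstance(v, str) for v in value):
            raise ValueError(f"claim {name} must contain only strings")
        out[name] = value
    # Normalise the two shapes (string or array) that servers use for these claims
    if isinstance(out.get("aud"), str):
        out["aud"] = [out["aud"]]
    if isinstance(out.get("scope"), str):
        out["scope"] = out["scope"].split()
    return out


def make_sample_token(payload):
    """Build a constructed sample token (placeholder signature) for testing."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(payload)}.constructed-signature"
```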


            People

              Unassigned
              marko.strukelj@gmail.com Marko Strukelj
              Maros Orsak