Open jaredhanson opened 2 years ago
This is very interesting, but I'm not sure very many of us in CASA are JWT experts, much less experts in how OIDC tokens profile JWT. Is the goal to get CASA feedback first and use that to define a JWT profile/scheme for IANA?
Yeah, that's the objective. Standardizing the claims so they are in the IANA registry would be the ideal outcome. The specification (once finalized) could be submitted to the most relevant organization, I suspect IETF would be appropriate but it could also be hosted here if there is interest. Either way, feedback from this community would be appreciated.
I think this is really useful. This allows people to include blockchain accounts in JOSE objects without name ambiguity. Also +1 for registering in IANA after the CAIP was approved. A lot of applications don't allow custom claims if they are not registered in IANA or don't use identifiers with collision-resistant names, e.g., using reverse domain, URIs. This CAIP would solve this issue.
Thanks for dropping a message here. I opened an issue on that repo, but happy to move the discussion over here. Which would you prefer @jaredhanson?
On the topic of JWTs and to add some context, MetaMask Snaps was surprised that we had a request to expose the ability to sign JWTs.
We didn't see the use-case, but if there are enough feature requests we'd like to revisit it.
@jaredhanson any update here? DM me on Discord, Twitter, etc. if a 1:1 meeting would help!
Hello! I work at Okta/Auth0, am an advisor to Dynamic, and maintain various Node.js packages for identity-related functionality (Passport.js, OAuth2orize, etc.)
I've put together a proposal on how to represent blockchain accounts and assets in a JWT. As off-chain applications adopt Web3 technologies, through specifications such as CAIP-122, this allows services to have a common way to do authorization based on accounts or assets owned (token-gating).
I'd love to get this community's feedback on the proposal. If there's interest, I will submit a PR to this repo for consideration as a CAIP. Thanks!
https://github.com/jaredhanson/id-blockchain-claims-in-jwt