feat(jans-cedarling): Parse access_token -- create Access Token and Workload entities

[olehbozhok]

Is your feature request related to a problem? Please describe. To make the authorization request we need:

• parse access_token
• create access token and Workload entity

Describe the solution you'd like

• Create the JWT service instance that allows to decode claims without validating JWT

• Insert JWT service to Authz during initialization

• add basic Request struct based on the link

  • in current implementation have only access token field

• Add in Authz method pub fn is_authorized(&self, input: Request)

• create function to create Workload entity.

• Probably we need to add implementation to cache token information to not decode it each time

Additional context

The access token is issued based on a request to the OAuth /token endpoint, which requires client authentication. This authenitcation proves which workload authenticated.

An id_token is a JWT issued to detail a User authentication event (i.e. User = human). It tells you who authenticated (the subject or sub), when the person authenticated (authn_time), how they authenticated (acr). The id_token also tells you the aud -- i.e. to which workload this token was issued. But the id_token itself does not prove any client authentication--the only place the client authenticates is at the /token endpoint. In OpenID, sometimes an id_token is returned without client authentication (i.e. PKCE flow or implicit flow).

[nynymike]

Looks good.

[olehbozhok]

It looks like it has sense to cache only when CEDARLING_JWT_VALIDATION has value Enabled

But we have no implementation to this.

Only for Disabled. And in this case, all we do it is decoding base64 and parsing JSON

In the current sparKV implementation, we store data in string. So using the cache we also need to parse JSON. So using cache for Disabled value has no sense...