canonical / identity-platform-admin-ui

Admin UI for the Canonical identity broker and identity provider solution

Improve bearer token support with Admin Service backend encryption - just like we do with cookies #342

Open BarcoMasile opened 3 months ago

BarcoMasile commented 3 months ago

Description

Right now, bearer token support for Admin UI authentication (the CLI use case) is not up to the level of the browser user use case regarding security. Auth cookies get symmetrically encrypted, whereas there's no such thing for bearer tokens, meaning you can authenticate invocations towards the Admin UI with an unencrypted JWT bearer token (with the correct audience, of course). We should improve on this and provide a way to allow CLIs to "retrieve" encrypted access tokens for consumption with the Admin UI.
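The following is an added illustration of the scheme the issue asks for, not code from the identity-platform-admin-ui project: the server hands the CLI a symmetrically encrypted ("sealed") JWT instead of the raw one, and the bearer-token path on the Admin UI only accepts tokens it can decrypt and authenticate with that key, so a raw JWT with the right audience no longer works on its own. The cipher (AES-256-GCM), the function names, the sample key and the sample JWT are all assumptions chosen for the example; the issue does not say which construction the cookie encryption uses, and the decrypted JWT would still go through the existing signature and audience checks afterwards.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Constructed example key (assumption): in practice this would be a server-side
// secret, e.g. the one already used to encrypt the Admin UI auth cookies.
var exampleKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes -> AES-256

// Constructed sample JWT (not a real token); only its shape matters here.
const exampleJWT = "eyJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhZG1pbi11aSJ9.c2lnbmF0dXJl"

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealToken encrypts a JWT with AES-GCM and returns base64url(nonce || ciphertext || tag).
// This is what the CLI would "retrieve" from the server instead of the raw JWT.
func sealToken(key []byte, jwt string) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	// Seal appends ciphertext+tag to the nonce, so the nonce travels with the token.
	sealed := aead.Seal(nonce, nonce, []byte(jwt), nil)
	return base64.RawURLEncoding.EncodeToString(sealed), nil
}

// openToken reverses sealToken. Tampering, a wrong key, or a raw (unencrypted)
// JWT all fail here, so only tokens issued by the server are accepted.
func openToken(key []byte, sealed string) (string, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", err
	}
	raw, err := base64.RawURLEncoding.DecodeString(sealed)
	if err != nil {
		return "", fmt.Errorf("bearer token is not a sealed token: %w", err)
	}
	ns := aead.NonceSize()
	if len(raw) < ns+aead.Overhead() {
		return "", errors.New("sealed token too short")
	}
	plain, err := aead.Open(nil, raw[:ns], raw[ns:], nil)
	if err != nil {
		return "", errors.New("sealed token failed authentication")
	}
	return string(plain), nil
}

// jwtFromAuthorization extracts the sealed bearer token from an Authorization
// header value and decrypts it. The returned JWT must still pass the normal
// signature and audience validation; this only replaces "accept any raw JWT".
func jwtFromAuthorization(key []byte, header string) (string, error) {
	const prefix = "Bearer "
	if !strings.HasPrefix(header, prefix) {
		return "", errors.New("missing bearer token")
	}
	return openToken(key, strings.TrimSpace(header[len(prefix):]))
}

func main() {
	sealed, err := sealToken(exampleKey, exampleJWT)
	if err != nil {
		panic(err)
	}
	fmt.Println("sealed bearer token:", sealed)

	// The sealed token round-trips back to the original JWT.
	jwt, err := jwtFromAuthorization(exampleKey, "Bearer "+sealed)
	fmt.Printf("sealed -> %q err=%v\n", jwt, err)

	// A raw JWT, as accepted today, is rejected by the sealed-only check.
	_, err = jwtFromAuthorization(exampleKey, "Bearer "+exampleJWT)
	fmt.Println("raw JWT rejected:", err)
}
```

The nonce is generated fresh per sealed token and prefixed to the ciphertext, so the same JWT sealed twice yields two different bearer strings; GCM's tag is what makes a raw JWT, a truncated token or a token sealed under a different key fail closed rather than fall through to the plain-JWT path.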

syncronize-issues-to-jira[bot] commented 3 months ago

Thank you for reporting your feedback to us!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-946.

This message was autogenerated