KieronWiltshire closed this issue 1 year ago
After some research I've realised what I'm requesting really is an OAuth2 introspect. I will change the title and description to represent the actual issue.
@snowp
I should probably add to this that I think the best way to do this would be to allow the ability to introspect the token and create a custom JWT with claims from the introspection response. The payload's additional claims may look something like this:
{
  "anonymous": "introspect.active",
  "client_id": "introspect.client_id",
  "username": "introspect.username",
  "scopes": "introspect.scopes"
}
The question would be, how can the microservice verify the payload? This would likely need Envoy to expose JWKS (which I don't think is a bad idea). It may also be a good idea to allow specific routes to allow "anonymous" fallback or not.
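The flow proposed in the comment above, sketched as an added example that is not part of the original issue and is not Envoy code: an RFC 7662 introspection response is mapped to the four claims, with a per-route anonymous fallback, then signed and verified on the microservice side. Assumptions: all function names are hypothetical, `anonymous` is read as "introspection did not report the token active", the `scope` string is split into a `scopes` list, and HS256 with a constructed shared key stands in for the asymmetric key that a JWKS endpoint would publish.

```python
import base64, hashlib, hmac, json, time

DEMO_KEY = b"constructed-demo-key"  # assumption: stand-in for a JWKS-published key pair

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def claims_from_introspection(resp, allow_anonymous):
    """Map an introspection response to the proposed claims; None means reject."""
    if resp is not None and resp.get("active") is True:
        return {"anonymous": False,
                "client_id": resp.get("client_id"),
                "username": resp.get("username"),
                "scopes": (resp.get("scope") or "").split()}
    if allow_anonymous:  # per-route decision: fall back instead of rejecting
        return {"anonymous": True, "client_id": None,
                "username": "anonymous", "scopes": []}
    return None

def sign(claims, key=DEMO_KEY, ttl=60, now=None):
    """Gateway side: wrap the claims in a short-lived signed token."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({**claims, "iat": now, "exp": now + ttl}).encode())
    mac = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64e(mac)}"

def verify(token, key=DEMO_KEY, now=None):
    """Microservice side: pin the algorithm, check the MAC, then the expiry."""
    now = int(time.time()) if now is None else now
    try:
        header, body, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: never trust its claims
```

A failed introspection call (`resp` is `None`) is treated the same as an inactive token, so a route without the anonymous fallback fails closed.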
This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.
Description:
Very simply, I'd like an OAuth2 introspect filter which I can use on my routes passing additional info such as the subject and scopes as a bearer token with the additional possibility of providing a default subject if the introspection fails, such as "anonymous."