gitpod-io / gitpod

The developer platform for on-demand cloud development environments to create software faster and more securely.
https://www.gitpod.io
GNU Affero General Public License v3.0

JWT claim for shared workspace data #17811

Closed ChevronTango closed 4 months ago

ChevronTango commented 1 year ago

Is your feature request related to a problem? Please describe

Currently a JWT is used to identify a user, but in the case of shared workspaces some JWTs may be accessible to other authorised users. Certain downstream systems may object to this, or at the very least wish to record it.

Fulcio for example adds the additional claims to the certificate and some of those can be parsed into x509 extensions.

Describe the behaviour you'd like

A set of new claims on the JWT token issued by gp idp which indicate if the workspace was shared at the time of issuing, and any additional authenticated users who had access to the workspace at the time.

Describe alternatives you've considered

Additional context

For downstream systems to trust Gitpod I think it's right that we are open and transparent about what is going on in the workspace.

https://github.com/sigstore/fulcio/blob/main/docs/oid-info.md
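As an added example (not Gitpod's code), a minimal downstream verifier in Python showing how a relying party could consume the proposed claims: verify the signature first, then record the sharing state and refuse shared workspaces if policy requires. The claim names `workspace_shared` and `shared_with`, the HS256 demo key and the `downstream_policy` function are assumptions, since the issue proposes the claims without naming them.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real verifier would fetch the IdP's public keys
# and verify an asymmetric signature instead of a shared HMAC secret.
DEMO_KEY = b"constructed-demo-secret"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(claims: dict, key: bytes = DEMO_KEY) -> str:
    """Issue an HS256 JWT carrying the proposed claims (stand-in for gp idp)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"


def verify_token(token: str, key: bytes = DEMO_KEY) -> dict:
    """Check alg, signature and expiry before trusting any claim."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "HS256":  # pin the algorithm; never trust the token's choice
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("exp", 0) < time.time():  # exp is required; missing counts as expired
        raise ValueError("expired")
    return claims


def downstream_policy(token: str, allow_shared: bool) -> dict:
    """Hypothetical relying-party check: always record sharing state, and
    deny if the workspace was shared and policy forbids shared workspaces."""
    claims = verify_token(token)
    shared = bool(claims.get("workspace_shared", False))
    others = list(claims.get("shared_with", []))
    audit = {"sub": claims["sub"], "workspace_shared": shared, "shared_with": others}
    return {"allowed": not (shared and not allow_shared), "audit": audit}
```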

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.