irods / irods_client_http_api

An iRODS C++ HTTP API using Boost.Beast
BSD 3-Clause "New" or "Revised" License

Provide local validation of OAuth 2.0 JWT Access Tokens #343

Open MartinFlores751 opened 1 day ago

MartinFlores751 commented 1 day ago

Using the OAuth 2.0 Access Token JWT Profile^1, we should be able to validate access tokens for OpenID providers who give JWT access tokens but don't provide an introspection endpoint. This should cover most OpenID providers, though some providers may not provide either standard method.

korydraughn commented 1 day ago

Does this overlap with any existing OAuth issues?

MartinFlores751 commented 1 day ago

Not from what I can tell. It's a bit adjacent to the validating tokens issue, though that's focused on our 'client mode'. This issue is focused on 'protected resource mode'.

korydraughn commented 1 day ago

Okay. Placing in the 0.5.0 milestone for now.

Can bump it if necessary.