labbsr0x / whisper-client

Defines a script to be used when initializing a client app that communicates with hydra's oauth endpoints
MIT License

Introspect JWT token #3

Open eabili0 opened 5 years ago

eabili0 commented 5 years ago

IntrospectToken should check if the token is a JWT, and open it locally (without going to hydra)

claudiosegala commented 5 years ago

@abilioesteves just to confirm, the steps to this would be something like:

Configure

  1. Retrieve Hydra Public Certificate (HPC) with Json Web Keys Endpoint
  2. Store in HydraClient Struct

Introspect Modification

  1. Verify if the token is JWT. Possible using this regex: `/^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$/`, source.
  2. Validate Access Token JWT with HPC
  3. Return the info contained in the token

Questions

eabili0 commented 5 years ago

Yes! That's correct! @claudiosegala
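The introspect steps agreed on in this thread (shape check, signature validation, return the claims), as an added Go example that is not whisper-client's own code. It assumes RS256-signed access tokens and a public key already parsed from the JSON Web Keys endpoint into an `*rsa.PublicKey`; the name `introspectLocally` is hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Shape check quoted in the thread: three base64url segments separated by dots.
var jwtShape = regexp.MustCompile(`^[a-zA-Z0-9\-_]+?\.[a-zA-Z0-9\-_]+?\.([a-zA-Z0-9\-_]+)?$`)

// introspectLocally (hypothetical name) verifies an RS256 JWT offline and returns its claims.
func introspectLocally(tok string, key *rsa.PublicKey, now time.Time) (map[string]interface{}, error) {
	if !jwtShape.MatchString(tok) {
		return nil, errors.New("not a JWT, use remote introspection")
	}
	p := strings.Split(tok, ".")
	dec := base64.RawURLEncoding.DecodeString
	var hdr struct{ Alg string }
	hb, _ := dec(p[0])
	// Pin the algorithm (RS256 assumed): the header must not select "none" or an HMAC.
	if json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "RS256" {
		return nil, errors.New("unexpected alg")
	}
	sig, err := dec(p[2])
	digest := sha256.Sum256([]byte(p[0] + "." + p[1]))
	if err != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("bad signature")
	}
	claims := map[string]interface{}{}
	cb, _ := dec(p[1])
	err = json.Unmarshal(cb, &claims)
	// A valid signature is not enough: the token must also carry an unexpired "exp".
	if exp, ok := claims["exp"].(float64); err != nil || !ok || now.Unix() >= int64(exp) {
		return nil, errors.New("expired or malformed claims")
	}
	return claims, nil
}

func main() {
	// Constructed opaque (non-JWT) token: the shape check rejects it before any key is used.
	fmt.Println(introspectLocally("constructed-opaque-token", nil, time.Now()))
}
```

Local validation cannot see revocation, so a token revoked at hydra stays accepted here until its `exp` passes.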