Closed Savrov closed 5 years ago
palmenhq
commented
5 years ago Just as a reference it's totally possible to writ your own I'm experimenting with this and am making a PoC that solves this.AccessTokenConverter.
Edit: Woops, didn't read through the issues properly hehe. I'll drop this link here anyways in case someone would care.
adhesivee
commented
5 years ago I will try to create JWT implementation for this. But I am not sure on how I would create particular things.
For example for the AccessTokenConverter it needs a JWT implementation like auth0, but I want to avoid to expose the library itself to much, so I need to abstract it somehow.
A good candidate is also to use JWT with is RefreshTokenConverter. This could then also store expiration for the refresh token.
adhesivee
commented
5 years ago I am trying to implement JWT here. The implementation is leaning strongly against the implementation of com.auth0:java-jwt.
JwtAccessTokenConverter and JwtRefreshTokenConverter will set:
By using jwtConfiguration: (JWTCreator.Builder) -> JWTCreator.Builder it should still be possible to add claims/configuration yourself. An important thing is that the Algorithm has to be provided outside of these classes. For me it wouldn't make much sense to create something here. So it will look like:
Algorithm algorithm = Algorithm.HMAC256("secret")
val accessTokenConverter = JwtAccessTokenConverter(algorithm)I need to build something to allow the implementor to remove the claims I set here. It could be the case they don't want to use this at all. @Savrov Is this something you could use, or did you expect something else?
Is your feature request related to a problem? Please describe. Add JWT feature for AccessToken. It will be great for a case when I have an auth server where I validate user and data server, where I would like to get content by userId (which can be stored in JWT payload) and expireAt (from JWT's "iat").
Describe the solution you'd like There will be an option to switch between UUID AccessToken and JWT AccessToken. All fields of AccessToken like "username", "clientId" can be stored inside JWT payload.
Describe alternatives you've considered The only opportunity I've found to do it is to override AccessTokenConverter, and for field "accessToken" generate a JWT string.