Open hsblhsn opened 2 years ago
The spans that would contain this info, what operation in your application would they correspond to? For example, would you just put this data on the top-level SERVER-type spans? Or somewhere else?
I’m reminded a bit of the enduser namespace: https://github.com/open-telemetry/semantic-conventions/blob/5077fd5ccf64e3ad0821866cc80d77bb24098ba2/docs/general/attributes.md#general-identity-attributes
edit: The enduser namespace is replaced by user as of May 2024; see https://github.com/open-telemetry/semantic-conventions/blob/5077fd5ccf64e3ad0821866cc80d77bb24098ba2/docs/attributes-registry/user.md
Can you list what data you want to store and the scenarios for using it? I wonder if those are reusable beyond the JWT token scenario or specific to it
This is what I am using right now:
const (
	AttributeKID             = attribute.Key("jwt.headers.kid")    // public key id.
	AttributeID              = attribute.Key("jwt.claims.jti")     // token id.
	AttributeIssuer          = attribute.Key("jwt.claims.iss")     // issuer.
	AttributeSubject         = attribute.Key("jwt.claims.sub")     // subject (user_id).
	AttributeAudience        = attribute.Key("jwt.claims.aud")     // audience (my domain).
	AttributeAuthorizedParty = attribute.Key("jwt.claims.azp")     // Authorized party (client_id).
	AttributeExpiresAt       = attribute.Key("jwt.claims.exp")     // Expiry.
	AttributeNotBefore       = attribute.Key("jwt.claims.nbf")     // Not before.
	AttributeIssuedAt        = attribute.Key("jwt.claims.iat")     // Issued At.
	AttributePurpose         = attribute.Key("jwt.claims.purpose") // Purpose of the token.
	AttributeScopes          = attribute.Key("jwt.claims.scopes")  // Scopes and permissions.
)
Here I am using the standard claim names of the jwt spec. I believe we can go further and use readable attributes and reuse them whenever possible. The above code is my very personal implementation.
related #1172
What are you trying to achieve?
I want to log my jwt token data into my trace and spans. But there are no semantic naming conventions for that. I found enduser.id, but that is for storing only the end user. While a jwt token consists of a lot of things like expiration, issuer, audience, etc.
What did you expect to see?
I want to see a standardized naming convention for jwt tokens.
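An added example, not code from the issue or from OpenTelemetry: one way to turn a token into the `jwt.headers.*` / `jwt.claims.*` keys listed in the comment above while copying only allowlisted fields, so the signature and unlisted claims never reach the tracing backend. It assumes the token's signature was already verified elsewhere; `JWTAttributes`, `recorded` and `SampleToken` are hypothetical names, the token is constructed, and the returned map stands in for span attributes.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// recorded is the allowlist: [0] header fields, [1] claims (keys from the comment above).
var recorded = [2][]string{{"kid"}, {"jti", "iss", "sub", "aud", "azp", "exp", "nbf", "iat", "purpose", "scopes"}}

// JWTAttributes maps an already verified compact JWT to attribute key/value pairs.
func JWTAttributes(token string) (map[string]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("want header.payload.signature, got %d parts", len(parts))
	}
	attrs := map[string]string{}
	for i, prefix := range []string{"jwt.headers.", "jwt.claims."} {
		raw, err := base64.RawURLEncoding.DecodeString(parts[i])
		if err != nil {
			return nil, err
		}
		var seg map[string]json.RawMessage
		if err := json.Unmarshal(raw, &seg); err != nil {
			return nil, err
		}
		for _, name := range recorded[i] {
			val, ok := seg[name]
			if !ok {
				continue // field absent from this token
			}
			var s string
			if json.Unmarshal(val, &s) != nil {
				s = string(val) // numbers and arrays keep their JSON text
			}
			attrs[prefix+name] = s
		}
	}
	return attrs, nil
}

// SampleToken is constructed and unsigned (".sig" is a placeholder); "email" is not allowlisted.
var enc = base64.RawURLEncoding.EncodeToString
var SampleToken = enc([]byte(`{"alg":"RS256","kid":"key-1"}`)) + "." +
	enc([]byte(`{"iss":"https://issuer.example","sub":"user-42","exp":1700000000,"email":"u@mail.example"}`)) + ".sig"

func main() { fmt.Println(JWTAttributes(SampleToken)) }
```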