opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0
189 stars 271 forks

[FEATURE] Support OpenID in Document Level Security parameter substitution #4332

Open BitRockCI opened 4 months ago

BitRockCI commented 4 months ago

Is your feature request related to a problem?

From the documentation https://opensearch.org/docs/2.13/security/access-control/document-level-security/#parameter-substitution it seems it is not possible to use OpenID for the attributes type.

https://forum.opensearch.org/t/document-layer-security-with-parameter-substitution-from-jwt-token-claims-doesnt-seem-to-work/14707

What solution would you like?

Be able to use the OpenID type, since it's mostly like the jwt type in the end.

What alternatives have you considered?

Use jwt auth

Do you have any additional context?

I need to define some Document Level Security based on specific attributes from the JWT token and not only the user mapped role.

cwperks commented 3 months ago

[Triage] Thank you for the feature request @BitRockCI!