Open elizabethhealy opened 4 months ago
should help solve https://github.com/opentdf/platform/issues/785
It should be assumed claims is a type that can be parsed/queried by jq.
Do we need full jq support, or could we keep it simple and only support object dot-notation? I have no opinion if we use a jq compliant library under the hood, but limiting what we advertise will reduce complexity and cost less to maintain.
That said, since OIDC requires JWT I think this is a safe assumption... if not then we fail as unauthorized.
@jrschumacher I'm fine either way, I think dot notation is probably simpler and easier to support, or maybe some variation of dot notation that also supports like item1.item2[*]
@elizabethhealy is this completed or should we reopen?
We should reopen, I think there was another ticket issue linked to this as well, I'll find it
Enable the claims entity type in OPA. It should not call ERS when the entity type is claims but rather should evaluate the subject mappings on the claims themselves. (I believe this is the expected behavior for this flow.) It should be assumed claims is a type that can be parsed/queried by jq.
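
The restricted dot-notation option discussed in this thread (object paths plus an `item1.item2[*]` array fan-out), sketched as an added example that is not code from the opentdf platform. The names `selectClaims` and `claimMatches` and the sample claims are hypothetical; a selector that resolves to nothing, or claims that do not parse, produce no match, so the caller denies.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// selectClaims resolves a selector such as ".realm_access.roles[*]" against decoded claims.
func selectClaims(claims any, selector string) []any {
	current := []any{claims}
	for _, seg := range strings.Split(strings.TrimPrefix(selector, "."), ".") {
		key := strings.TrimSuffix(seg, "[*]") // key != seg means the segment ended in "[*]"
		var next []any
		for _, node := range current {
			obj, _ := node.(map[string]any) // non-objects give a nil map, so the lookup misses
			val, ok := obj[key]
			if arr, isArr := val.([]any); ok && key != seg && isArr {
				next = append(next, arr...) // fan out over the array elements
			} else if ok && key == seg {
				next = append(next, val)
			}
		}
		if len(next) == 0 {
			return nil // missing key or wrong type: nothing selected
		}
		current = next
	}
	return current
}

// claimMatches reports whether any selected value equals want; false means deny.
func claimMatches(rawClaims []byte, selector, want string) bool {
	var claims map[string]any
	if err := json.Unmarshal(rawClaims, &claims); err != nil {
		return false // unparseable claims fail closed
	}
	for _, v := range selectClaims(claims, selector) {
		if s, ok := v.(string); ok && s == want {
			return true
		}
	}
	return false
}

var sampleClaims = []byte(`{"sub":"alice","realm_access":{"roles":["analyst","auditor"]},"groups":[{"name":"eng"},{"name":"ops"}]}`) // constructed

func main() {
	fmt.Println(claimMatches(sampleClaims, ".realm_access.roles[*]", "auditor"), claimMatches(sampleClaims, ".missing.path", "x"))
}
```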