Open mofr93 opened 1 week ago
Hi @mofr93, you mean the token is not a JWT token?
At the beginning of this plugin I was always using the introspection endpoint but removed it because it will be called for every single endpoint, which can slow everything down...
I have already used Vault but not as an OIDC Provider. I will have a closer look on the weekend.
Hey @sevensolutions
Thanks for the reply.
Yes, the access_token is just an opaque token that is only used for calling the introspection endpoint in Vault, so no JWT. I see the problems with calling this endpoint every time. Maybe it needs to have some sort of cache set up. I tried this other project that just verifies the id_token, which works for me: https://github.com/lukaszraczylo/traefikoidc
Hi,
HashiCorp Vault OIDC provider issues an opaque access_token. They recommend we use the userinfo_endpoint for introspection, because the access_token itself cannot be parsed, therefore it is not working. Are there any plans to support verification of claims etc. from the userinfo_endpoint?
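
Added example, not code from either plugin mentioned in this thread: one way to combine the two ideas above, validating an opaque access_token through the userinfo endpoint while caching the result so the provider is not called on every request. The names `UserinfoCache`, `Validate` and the `fetch` hook are hypothetical; a real `fetch` would send the token as a Bearer header to the provider's userinfo endpoint.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"sync"
	"time"
)

// Claims is the decoded userinfo response (assumed shape).
type Claims map[string]any

type entry struct {
	claims  Claims
	expires time.Time
}

// UserinfoCache remembers successful userinfo lookups for a short TTL.
type UserinfoCache struct {
	mu    sync.Mutex
	ttl   time.Duration
	now   func() time.Time                   // injectable clock
	fetch func(token string) (Claims, error) // hypothetical hook: userinfo call with Bearer token
	items map[[32]byte]entry
}

// Validate returns claims for token, calling the provider only on a miss.
func (c *UserinfoCache) Validate(token string) (Claims, error) {
	key := sha256.Sum256([]byte(token)) // store a digest, not the raw token
	c.mu.Lock()                         // held across fetch to keep the example short
	defer c.mu.Unlock()
	if e, ok := c.items[key]; ok && c.now().Before(e.expires) {
		return e.claims, nil
	}
	claims, err := c.fetch(token)
	if err != nil {
		return nil, err // rejections are never cached: the next request re-checks
	}
	c.items[key] = entry{claims, c.now().Add(c.ttl)}
	return claims, nil
}

func main() {
	calls := 0 // counts round trips to the (constructed) provider
	c := &UserinfoCache{ttl: time.Minute, now: time.Now, items: map[[32]byte]entry{},
		fetch: func(string) (Claims, error) { calls++; return Claims{"sub": "alice"}, nil }}
	c.Validate("constructed-opaque-token")
	c.Validate("constructed-opaque-token")
	fmt.Println("provider calls:", calls)
}
```

The TTL is also the longest time a revoked token keeps being accepted, so it should stay short and never exceed the token's own lifetime.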