This repository has been archived by the owner on Oct 29, 2021. It is now read-only.

Use iss field for validation? #179

Open
cdupont opened this issue Oct 14, 2020 · 3 comments

cdupont commented Oct 14, 2020

In the JWT there is a field "iss" that contains the issuer claim.
For example (in the case of Keycloak):

"iss": "https://example.com/auth/realms/my-realm",

This address gives:

{
  "realm": "example",
  "public_key": "MIIBIjANBgkqh...........",
  "token-service": "https://example.com/auth/realms/waziup/protocol/openid-connect",
  "account-service": "https://example.com/auth/realms/waziup/account",
  "tokens-not-before": 1587561531
}

Is it possible to use that in Servant-Auth? Maybe as an option in JWTSettings?

@cdupont cdupont changed the title Use issuer for validation? Use iss field for validation? Oct 14, 2020
@domenkozar
Collaborator

You can provide your own instance for FromJWT and ToJWT. I do this as well :)

@cdupont
Author

cdupont commented Oct 27, 2020

Hi @domenkozar,
no, what I meant is to perform a request to the "iss" (Issuer address) to get the JWKSet.
This JWKSet can then be used to verify the JWT / extract claims.
Something like that (pseudocode):

  1. Receive a JWT
  2. open the JWT and read the "iss" address
  3. Get the JWKSet from the iss (HTTP GET)
  4. Verify/extract the claims from the JWT using the JWKSet     

This could be an option in the JWTSettings.
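
The four steps from the comment above, as an added Python example that is not part of the thread and is not servant-auth's API. It uses only the standard library; the issuer allowlist, the JWKS URL and the injected `fetch_jwks` callable are assumptions made for illustration, and the point shown is that the unverified "iss" value only selects a pre-configured issuer rather than naming the URL to fetch.

```python
import base64, hashlib, json

# Assumption: issuers this service trusts and their JWKS URLs (constructed values).
TRUSTED_ISSUERS = {
    "https://example.com/auth/realms/my-realm":
        "https://example.com/auth/realms/my-realm/protocol/openid-connect/certs",
}
# DER-encoded DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url(data: str) -> bytes:
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))

def b64int(data: str) -> int:
    return int.from_bytes(b64url(data), "big")

def verify_jwt(token: str, fetch_jwks) -> dict:
    """Steps 1-4. fetch_jwks(url) -> dict performs the HTTP GET (injected, hypothetical)."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url(head_b64))
    claims = json.loads(b64url(body_b64))  # still unverified here
    if header.get("alg") != "RS256":       # pin the algorithm; the header is untrusted
        raise ValueError("unexpected alg")
    # "iss" is attacker-controlled until the signature verifies, so it only selects
    # among pre-configured issuers; it never supplies the URL that gets fetched.
    iss = claims.get("iss")
    jwks_url = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    if jwks_url is None:
        raise ValueError("untrusted issuer")
    keys = [k for k in fetch_jwks(jwks_url)["keys"]
            if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")]
    if not keys:
        raise ValueError("no matching key")
    n, e = b64int(keys[0]["n"]), b64int(keys[0]["e"])
    size = (n.bit_length() + 7) // 8
    # RSASSA-PKCS1-v1_5: rebuild the expected encoded message and compare.
    digest = hashlib.sha256(f"{head_b64}.{body_b64}".encode()).digest()
    expected = b"\x00\x01" + b"\xff" * (size - 54) + b"\x00" + SHA256_PREFIX + digest
    sig = b64url(sig_b64)
    s = int.from_bytes(sig, "big")
    if len(sig) != size or s >= n or pow(s, e, n).to_bytes(size, "big") != expected:
        raise ValueError("bad signature")
    return claims  # exp/nbf/aud checks would follow here
```
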

@domenkozar
Collaborator

Sure.
