Support for verifying OIDC JWT claims with custom Jose4j Validator #39425

Closed
sberyozkin opened this issue Mar 14, 2024 · 1 comment · Fixed by #39793


sberyozkin commented Mar 14, 2024

Description

Right now, as part of the JWT token validation process, apart from the signature check, various simple claims with expected configured values can be checked.

If the claims are complex (objects, arrays) or if the simple claim values are dynamic, then either the custom HttpSecurityPolicy or SecurityIdentityAugmentor can help, but neither of these options is ideal: the former requires configuring matching paths, the latter's job is really to augment, and both options are available after the SecurityIdentity has been created.

Supporting custom Jose4j Validator will close this gap; they are run as part of the Jose4j process, before SecurityIdentity is created. In fact we already register one internally for the simple claims, but letting users customize it further would be useful.

CC @calvernaz

Implementation ideas

OidcProvider checks with Arc if custom Jose4J validators are available and, if yes, registers them all before requesting the token verification.
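What a custom jose4j `Validator` for a complex claim can look like, shown against plain jose4j's `JwtConsumerBuilder` rather than Quarkus. This is an added example, not code from the issue or from Quarkus; the `access`/`roles` claim layout, the class names and the throwaway RSA key are assumptions made for the demo.

```java
import java.util.List;
import java.util.Map;
import org.jose4j.jwk.*;
import org.jose4j.jws.*;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.consumer.*;

public class ComplexClaimValidatorDemo {
    // Hypothetical validator: the constructed "access" claim must be an object
    // whose "roles" array contains the required role.
    static class RequiredRoleValidator implements Validator {
        private final String role;
        RequiredRoleValidator(String role) { this.role = role; }

        @Override
        public String validate(JwtContext ctx) {
            Object access = ctx.getJwtClaims().getClaimValue("access");
            if (!(access instanceof Map)) return "'access' claim is missing or not an object";
            Object roles = ((Map<?, ?>) access).get("roles");
            if (!(roles instanceof List)) return "'access.roles' is missing or not an array";
            // jose4j treats null as success and any string as a validation error
            return ((List<?>) roles).contains(role) ? null : "role '" + role + "' not granted";
        }
    }

    public static void main(String[] args) throws Exception {
        RsaJsonWebKey key = RsaJwkGenerator.generateJwk(2048); // throwaway demo key
        JwtConsumer consumer = new JwtConsumerBuilder()
                .setVerificationKey(key.getKey())
                .setRequireExpirationTime()
                .registerValidator(new RequiredRoleValidator("admin"))
                .build();
        for (String role : List.of("admin", "viewer")) {
            JwtClaims claims = new JwtClaims(); // constructed sample claims
            claims.setExpirationTimeMinutesInTheFuture(5);
            claims.setClaim("access", Map.of("roles", List.of(role)));
            JsonWebSignature jws = new JsonWebSignature();
            jws.setPayload(claims.toJson());
            jws.setKey(key.getPrivateKey());
            jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
            try {
                consumer.processToClaims(jws.getCompactSerialization());
                System.out.println(role + ": accepted");
            } catch (InvalidJwtException e) {
                System.out.println(role + ": rejected: " + e.getMessage());
            }
        }
    }
}
```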


quarkus-bot bot commented Mar 14, 2024

/cc @pedroigor (oidc)
