Description
Right now, as part of the JWT token validation process, apart from the signature check, various simple claims with expected configured values can be checked.

If the claims are complex (objects, arrays) or if the simple claim values are dynamic, then either the custom `HttpSecurityPolicy` or `SecurityIdentityAugmentor` can help, but neither of these options is ideal: the former requires configuring matching paths, the latter's job is really to augment, and both options are available after the `SecurityIdentity` has been created.

Supporting custom Jose4j `Validator` will close this gap; they are run as part of the Jose4j process, before `SecurityIdentity` is created. In fact we already register the one internally for the simple claims, but letting users customize it further would be useful.

CC @calvernaz
Implementation ideas
`OidcProvider` checks with `Arc` if custom Jose4J validators are available and if yes, registers them all before requesting the token verification.
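
An added example, not code from this issue or from Quarkus: a jose4j `Validator` that checks an array claim and rejects the token inside the jose4j verification step itself. It registers the validator directly on `JwtConsumerBuilder`, because the Quarkus hook proposed here is not shown on the page; the `tenants` claim, the class names and the HMAC key are assumptions made up for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.util.List;
import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
import org.jose4j.jwt.JwtClaims;
import org.jose4j.jwt.MalformedClaimException;
import org.jose4j.jwt.consumer.*;
import org.jose4j.keys.HmacKey;

public class ComplexClaimValidatorExample {

    // Hypothetical validator: the array claim "tenants" must contain the expected tenant.
    static class TenantValidator implements Validator {
        private final String requiredTenant;
        TenantValidator(String requiredTenant) { this.requiredTenant = requiredTenant; }

        @Override // jose4j contract: return null when valid, otherwise a problem description
        public String validate(JwtContext ctx) throws MalformedClaimException {
            JwtClaims claims = ctx.getJwtClaims();
            if (!claims.hasClaim("tenants")) return "missing 'tenants' claim";
            // Throws MalformedClaimException if the claim is not an array of strings.
            List<String> tenants = claims.getStringListClaimValue("tenants");
            return tenants.contains(requiredTenant) ? null : "token not issued for " + requiredTenant;
        }
    }

    // Builds a constructed HS256 test token carrying the given tenants.
    static String issue(HmacKey key, String... tenants) throws Exception {
        JwtClaims claims = new JwtClaims();
        claims.setSubject("alice");
        claims.setExpirationTimeMinutesInTheFuture(5);
        claims.setStringListClaim("tenants", tenants);
        JsonWebSignature jws = new JsonWebSignature();
        jws.setPayload(claims.toJson());
        jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.HMAC_SHA256);
        jws.setKey(key);
        return jws.getCompactSerialization();
    }

    public static void main(String[] args) throws Exception {
        HmacKey key = new HmacKey("constructed-demo-key-0123456789abcdef".getBytes(StandardCharsets.UTF_8));
        JwtConsumer consumer = new JwtConsumerBuilder()
            .setVerificationKey(key)
            .setJwsAlgorithmConstraints(ConstraintType.PERMIT, AlgorithmIdentifiers.HMAC_SHA256)
            .setRequireExpirationTime()
            .registerValidator(new TenantValidator("tenant-a"))
            .build();
        System.out.println("accepted: " + consumer.processToClaims(issue(key, "tenant-a", "tenant-b")).getSubject());
        try { consumer.processToClaims(issue(key, "tenant-b")); }
        catch (InvalidJwtException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

The second token has a valid signature and expiry but fails with `InvalidJwtException`, so no claims are returned to the caller for it.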