Provide local validation of OAuth 2.0 JWT Access Tokens #343

MartinFlores751 · 2024-10-03T19:54:57Z

Using the OAuth 2.0 Access Token JWT Profile¹, we should be able to validate access tokens for OpenID providers who give JWT access tokens but don't provide an introspection endpoint. This should cover most OpenID providers, though some providers may not provide either standard methods.

https://www.rfc-editor.org/rfc/rfc9068 ↩

korydraughn · 2024-10-03T20:09:56Z

Does this overlap with any existing OAuth issues?

MartinFlores751 · 2024-10-03T20:14:41Z

Not from what I can tell. It's a bit adjacent to the validating tokens issue, though that's focused on our 'client mode'. This issue is focused on 'protected resource mode'.

korydraughn · 2024-10-03T21:34:38Z

Okay. Placing in the 0.5.0 milestone for now.

Can bump it if necessary.

MartinFlores751 self-assigned this Oct 3, 2024

korydraughn added the enhancement New feature or request label Oct 3, 2024

korydraughn added this to the 0.5.0 milestone Oct 3, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provide local validation of OAuth 2.0 JWT Access Tokens #343

Provide local validation of OAuth 2.0 JWT Access Tokens #343

MartinFlores751 commented Oct 3, 2024

korydraughn commented Oct 3, 2024

MartinFlores751 commented Oct 3, 2024

korydraughn commented Oct 3, 2024

Provide local validation of OAuth 2.0 JWT Access Tokens #343

Provide local validation of OAuth 2.0 JWT Access Tokens #343

Comments

MartinFlores751 commented Oct 3, 2024

Footnotes

korydraughn commented Oct 3, 2024

MartinFlores751 commented Oct 3, 2024

korydraughn commented Oct 3, 2024