-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add token web hook for all grants types #3244
Comments
I have some demand for on-the-fly scope/audience check due to API consumer might have changed it's subscriptions on the API portal which has different client (consumer) lifecycle than Hydra has. Also inserting some API-GW related consumer ID should make call control easier on GW side. This is still not possible using client_credentials flow with Hydra. |
Yeah, I think this is a pretty good idea |
Great, I'm already working on it, I still have some tests to run and I should be able to create a PR soon. |
Added a generic token hook that is called for all grant types and includes `payload` with a single allowed value - `assertion` to cover the `jwt-bearer` grant type customization. The existing `refresh token hook` is left unchanged and is considered to be deprecated in favor of the new hook logic. The `refresh token hook` will at some point be removed. Closes ory#3244 Closes ory/fosite#729
Preflight checklist
Describe your problem
Currently there exists a web hooks for refresh_token grants, but customizing other grant types is either not possible or not easy.
For example, customizing access_code tokens can be done in the consent endpoint, but customizing client_credentials is not possible.
Describe your ideal solution
Add access_token, jwt_profile and client_credentials web hooks working in a similar way to the existing refresh_token web hook.
Workarounds or alternatives
#1748 Would allow limited customization of all claims, not allowing more dynamic claims.
#1383 Is about setting static claims to client_credential tokens
Version
2.0
Additional Context
I was unsure if this was big enough to need a design document, If it does, pleas close this issue and I will remake it with a design document.
The text was updated successfully, but these errors were encountered: