]
Pedro Igor commented on ELY-460:
--------------------------------
[~dmlloyd], we can use {{BearerTokenEvidence}} for this. I can't think of any reason
to have a specific evidence to make this happen.
Add JWT local validation support to OAuth2 Security Realm
---------------------------------------------------------
Key: ELY-460
URL:
https://issues.jboss.org/browse/ELY-460
Project: WildFly Elytron
Issue Type: Feature Request
Components: Realms
Affects Versions: 1.0.2.Final
Reporter: Pedro Igor
Assignee: Pedro Igor
Currently the OAuth2 Security Realm is based on the a Token Introspection Endpoint at the
AS to validate the token and create identities from it, which may be called remote
validation.
However, we may want to perform a local validation of the token if the token is using
JWT, which is a standard format. In this case, we don't need to call the server at all
and we just validate the token locally based on the signature (JWS), expiration, audience
and any other condition recommended by the specs.