]
Darran Lofthouse updated ELY-1910:
----------------------------------
Fix Version/s: 2.0.0.Alpha8
(was: 2.0.0.Alpha7)
Develop JWT Token Issuer
------------------------
Key: ELY-1910
URL:
https://issues.redhat.com/browse/ELY-1910
Project: WildFly Elytron
Issue Type: Feature Request
Components: API / SPI
Reporter: Darran Lofthouse
Priority: Major
Fix For: 2.0.0.Alpha8
Assigning to API / SPI for now but we may want to create a new component to track token
based authentication, especially JWT.
It may be desirable for us to be able to issue JWT tokens that can be used elsewhere.
At the moment our identity propagation makes use of credentials delegated to us during
authentication but we have some more opportunities if we can obtain new credentials
dynamically for this propagation.
An ideal use case for this could be a traditional web application already secured using
traditional authentication such as username / password via a form, in that case the
application will have a resulting SecurityIdentity with attributes, roles, and permissions
assigned.
This feature request is to consider a component internal to the process to convert the
SecurityIdentity to a JWT token that can now be used for any outbound calls as the
identity to propagate the identity.
One possibility is some kind of transformation that can be applied on the SecurityDomain
so the resulting SecurityIdentity has an associated JWT token credential as soon as it is
created.
Another alternative is more integration within authentication client, the destination
could be taken into account so different tokens / mappings are applied for different
destinations.
I wont create the separate Jira issue yet but this could also open an option to
dynamically obtain a token from a remote issuer - we may have been delegated a credential
we can use to authentication against a remote identity provider and request a token that
way.