[jboss-jira] [JBoss JIRA] (ELY-460) Add JWT local validation support to OAuth2 Security Realm

Pedro Igor (JIRA) issues at jboss.org
Fri Apr 29 07:31:00 EDT 2016


    [ https://issues.jboss.org/browse/ELY-460?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13198983#comment-13198983 ] 

Pedro Igor commented on ELY-460:
--------------------------------

[~dmlloyd], we can use {{BearerTokenEvidence}} for this. I can't think of any reason to have a specific evidence to make this happen.

> Add JWT local validation support to OAuth2 Security Realm
> ---------------------------------------------------------
>
>                 Key: ELY-460
>                 URL: https://issues.jboss.org/browse/ELY-460
>             Project: WildFly Elytron
>          Issue Type: Feature Request
>          Components: Realms
>    Affects Versions: 1.0.2.Final
>            Reporter: Pedro Igor
>            Assignee: Pedro Igor
>
> Currently the OAuth2 Security Realm is based on a Token Introspection Endpoint at the AS to validate the token and create identities from it, which may be called remote validation.
> However, we may want to perform a local validation of the token if the token is using JWT, which is a standard format. In this case, we don't need to call the server at all and we just validate the token locally based on the signature (JWS), expiration, audience and any other condition recommended by the specs.


