[jboss-jira] [JBoss JIRA] (ELY-460) Add JWT local validation support to OAuth2 Security Realm
Pedro Igor (JIRA)
issues at jboss.org
Wed Mar 16 06:51:00 EDT 2016
Pedro Igor created ELY-460:
------------------------------
Summary: Add JWT local validation support to OAuth2 Security Realm
Key: ELY-460
URL: https://issues.jboss.org/browse/ELY-460
Project: WildFly Elytron
Issue Type: Feature Request
Components: Realms
Affects Versions: 1.0.2.Final
Reporter: Pedro Igor
Assignee: Pedro Igor
Currently the OAuth2 Security Realm is based on the a Token Introspection Endpoint at the AS to validate the token and create identities from it, which may be called remote validation.
However, we may want to perform a local validation of the token if the token is using JWT, which is a standard format. In this case, we don't need to call the server at all and we just validate the token locally based on the signature (JWS), expiration, audience and any other condition recommended by the specs.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list