[jboss-jira] [JBoss JIRA] (ELY-1910) Develop JWT Token Issuer
Darran Lofthouse (Jira)
issues at jboss.org
Thu Jun 4 11:42:06 EDT 2020
[ https://issues.redhat.com/browse/ELY-1910?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated ELY-1910:
----------------------------------
Fix Version/s: 2.0.0.Alpha8
(was: 2.0.0.Alpha7)
> Develop JWT Token Issuer
> ------------------------
>
> Key: ELY-1910
> URL: https://issues.redhat.com/browse/ELY-1910
> Project: WildFly Elytron
> Issue Type: Feature Request
> Components: API / SPI
> Reporter: Darran Lofthouse
> Priority: Major
> Fix For: 2.0.0.Alpha8
>
>
> Assigning to API / SPI for now but we may want to create a new component to track token based authentication, especially JWT.
> It may be desirable for us to be able to issue JWT tokens that can be used elsewhere.
> At the moment our identity propagation makes use of credentials delegated to us during authentication but we have some more opportunities if we can obtain new credentials dynamically for this propagation.
> An ideal use case for this could be a traditional web application already secured using traditional authentication such as username / password via a form, in that case the application will have a resulting SecurityIdentity with attributes, roles, and permissions assigned.
> This feature request is to consider a component internal to the process to convert the SecurityIdentity to a JWT token that can now be used for any outbound calls as the identity to propagate the identity.
> One possibility is some kind of transformation that can be applied on the SecurityDomain so the resulting SecurityIdentity has an associated JWT token credential as soon as it is created.
> Another alternative is more integration within authentication client, the destination could be taken into account so different tokens / mappings are applied for different destinations.
> I won't create the separate Jira issue yet but this could also open an option to dynamically obtain a token from a remote issuer - we may have been delegated a credential we can use to authenticate against a remote identity provider and request a token that way.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)