Uploaded image for project: 'WildFly Elytron'
  1. WildFly Elytron
  2. ELY-460

Add JWT local validation support to OAuth2 Security Realm

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Done
    • Major
    • None
    • 1.0.2.Final
    • Realms
    • None

    Description

      Currently the OAuth2 Security Realm is based on the a Token Introspection Endpoint at the AS to validate the token and create identities from it, which may be called remote validation.

      However, we may want to perform a local validation of the token if the token is using JWT, which is a standard format. In this case, we don't need to call the server at all and we just validate the token locally based on the signature (JWS), expiration, audience and any other condition recommended by the specs.

      Attachments

        Issue Links

          is incorporated by

          Feature Request - Feature requests from customers and/or users ELY-523 Token-based Security Realm

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              psilva@redhat.com Pedro Igor Craveiro
              psilva@redhat.com Pedro Igor Craveiro
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: