feat(jans-cedarling): implement CEDARLING_ID_TOKEN_TRUST_MODE #10479

rmarinn opened this issue Dec 21, 2024 · 0 comments
Labels
comp-jans-cedarling Touching folder /jans-cedarling enhancement kind-feature Issue or PR is a new feature request


rmarinn commented Dec 21, 2024

Is your feature request related to a problem? Please describe.

The bootstrap property CEDARLING_ID_TOKEN_TRUST_MODE was initially implemented in the jwt module but is no longer possible after #10436. We need to re-implement this feature but in the authz module.

Describe the solution you'd like

Add support for the CEDARLING_ID_TOKEN_TRUST_MODE property in the authz module, with the following configuration:

Strict mode:

  • id_token.aud must match the access_token.client_id.
  • If a Userinfo token is present:
    • The sub must match the id_token.sub.
    • The aud must match the access_token.client_id.

None mode:

  • No additional validations are applied.

Describe alternatives you've considered

No viable alternatives identified. This functionality needs to be implemented in the authz module to restore the intended behavior.

Additional context
N/A
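
The Strict and None rules listed in this issue, written out as an added example (not part of the issue and not jans-cedarling's own code). All type and function names are hypothetical, and each `aud` claim is assumed to be a single string.

```rust
// Added illustration; type and function names are hypothetical, not jans-cedarling's API.
// Assumption: each `aud` claim is a single string (JWT also permits an array).
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum IdTokenTrustMode { None, Strict }

pub struct AccessToken<'a> { pub client_id: &'a str }
pub struct IdToken<'a> { pub sub: &'a str, pub aud: &'a str }
pub struct UserinfoToken<'a> { pub sub: &'a str, pub aud: &'a str }

#[derive(Debug, PartialEq)]
pub enum TrustError { IdTokenAudMismatch, UserinfoSubMismatch, UserinfoAudMismatch }

pub fn check_id_token_trust(
    mode: IdTokenTrustMode,
    access: &AccessToken<'_>,
    id: &IdToken<'_>,
    userinfo: Option<&UserinfoToken<'_>>,
) -> Result<(), TrustError> {
    // None mode: no additional validations are applied.
    if mode == IdTokenTrustMode::None {
        return Ok(());
    }
    // Strict: id_token.aud must match access_token.client_id.
    if id.aud != access.client_id {
        return Err(TrustError::IdTokenAudMismatch);
    }
    // Strict: Userinfo checks apply only when that token is present.
    if let Some(ui) = userinfo {
        if ui.sub != id.sub {
            return Err(TrustError::UserinfoSubMismatch);
        }
        if ui.aud != access.client_id {
            return Err(TrustError::UserinfoAudMismatch);
        }
    }
    Ok(())
}

fn main() {
    // Constructed sample tokens.
    let access = AccessToken { client_id: "client-a" };
    let id = IdToken { sub: "user-1", aud: "client-b" };
    let ui = UserinfoToken { sub: "user-1", aud: "client-a" };
    println!("{:?}", check_id_token_trust(IdTokenTrustMode::Strict, &access, &id, Some(&ui)));
    println!("{:?}", check_id_token_trust(IdTokenTrustMode::None, &access, &id, Some(&ui)));
}
```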

@rmarinn rmarinn added comp-jans-cedarling Touching folder /jans-cedarling enhancement labels Dec 21, 2024
@rmarinn rmarinn self-assigned this Dec 21, 2024
@mo-auto mo-auto added the kind-feature Issue or PR is a new feature request label Dec 21, 2024