refactor(jans-cedarling): relocate tokens from context to user and workload entities #10506

Open
rmarinn opened this issue Dec 25, 2024 · 0 comments
Labels
comp-jans-cedarling Touching folder /jans-cedarling enhancement kind-enhancement Issue or PR is an enhancement to an existing functionality

rmarinn commented Dec 25, 2024

Is your feature request related to a problem? Please describe.

In the current implementation, tokens such as access_token, id_token, and userinfo_token are included in the Context entity. To simplify policy definitions and improve clarity, we can move the access_token to the Workload entity and relocate the id_token and userinfo_token to the User entity. This change directly associates tokens with their respective owners, making policies easier to express.

Describe the solution you'd like

We need to update the schema:

entity Workload = {
    "client_id": String,
    "iss": TrustedIssuer,
    "name"?: String,
    "rp_id"?: String,
    "spiffe_id"?: String,
    "access_token"?: Access_token,    // Moved from Context
    "id_token"?: id_token,    // Moved from Context
};
entity User in [Role] = {
    "email"?: email_address,
    "phone_number"?: String,
    "role": Set<String>,
    "sub": String,
    "username"?: String,
    "id_token"?: id_token,    // Moved from Context
    "userinfo_token"?: userinfo_token,    // Moved from Context
};

Describe alternatives you've considered
N/A

Additional context
N/A
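
An added example, not part of the issue or of the Cedarling code base: a small linter that finds `context.<token>` references in Cedar policy text and reports which entity carries that token under the schema posted above (including `id_token` on both Workload and User, as that schema lists it). The sample policy, its `scope`, `aud` and `note` attributes, and the function name `find_token_refs` are constructed for illustration.

```python
import re

# Token placement taken from the schema posted in the issue above.
NEW_OWNERS = {
    "access_token": ("Workload",),
    "id_token": ("Workload", "User"),
    "userinfo_token": ("User",),
}
_NAMES = "|".join(NEW_OWNERS)

# One left-to-right scan: comments and string literals are consumed whole,
# so a token name that only appears inside them is never reported.
_SCAN = re.compile(
    r'//[^\n]*'                                      # line comment
    rf'|\bcontext\s*\.\s*(?P<dot>{_NAMES})\b'        # context.access_token
    rf'|\bcontext\s*\[\s*"(?P<idx>{_NAMES})"\s*\]'   # context["access_token"]
    rf'|\bcontext\s+has\s+"?(?P<has>{_NAMES})\b"?'   # context has access_token
    r'|"(?:\\.|[^"\\])*"'                            # string literal
)

# Constructed sample policies written against the current (Context) layout.
SAMPLE_POLICY = '''\
// constructed policy; context.id_token is mentioned only in this comment
permit(principal is Workload, action, resource)
when {
    context has access_token &&
    context.access_token.scope.contains("read")
};
permit(principal is User, action, resource)
when {
    context["userinfo_token"].note != "context.id_token" &&
    context.id_token.aud == "app"
};
'''

def find_token_refs(policy_text):
    """Return (line, token, new_owners) for each context.<token> reference."""
    findings = []
    for m in _SCAN.finditer(policy_text):
        token = m.group("dot") or m.group("idx") or m.group("has")
        if token:  # comments and strings match with no named group set
            line = policy_text.count("\n", 0, m.start()) + 1
            findings.append((line, token, NEW_OWNERS[token]))
    return findings

if __name__ == "__main__":
    for line, token, owners in find_token_refs(SAMPLE_POLICY):
        print(f"line {line}: context.{token} -> attribute of {' / '.join(owners)}")
```
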

@rmarinn rmarinn assigned moabu and rmarinn and unassigned moabu Dec 25, 2024
@rmarinn rmarinn added the comp-jans-cedarling Touching folder /jans-cedarling label Dec 25, 2024
@mo-auto mo-auto added the kind-enhancement Issue or PR is an enhancement to an existing functionality label Dec 25, 2024