opa-spring-security icon indicating copy to clipboard operation
opa-spring-security copied to clipboard

Published 20 hours ago verified publisher icon Bisnode

Replace OAuth2 Authentication Provider with OPA

Open lkadalski opened this issue 3 years ago • 4 comments

We need a functionality where OPA will be responsible for filling security context in Spring. We should assume JWT token as input and response should be somehow mapped to Authentication object.

lkadalski avatar Oct 23 '20 07:10 lkadalski

The question is if whether we want this to be the only option. Perhaps for the first iteration, but it seems we'd probably want to support using this library without providing a JWT or using OAuth2.

anderseknert avatar Oct 23 '20 07:10 anderseknert

Actually we want to rid off OAuth2. I would leave "input" for user to choose.

lkadalski avatar Oct 23 '20 08:10 lkadalski

Exactly - this library should not depend on OAuth2. My concern was around this:

We should assume JWT token as input

anderseknert avatar Oct 23 '20 08:10 anderseknert

yea, I meant some generic input :) jwt token is rather our case

lkadalski avatar Oct 23 '20 08:10 lkadalski