
Feedback on Blockchain Claims for use in JWT

Open jaredhanson opened this issue 3 years ago • 6 comments

Hello! I work at Okta/Auth0, am an advisor to Dynamic, and maintain various Node.js packages for identity-related functionality (Passport.js, OAuth2orize, etc.)

I've put together a proposal on how to represent blockchain accounts and assets in a JWT. As off-chain applications adopt Web3 technologies, through specifications such as CAIP-122, this allows services to have a common way to do authorization based on accounts or assets owned (token-gating).

I'd love to get this community's feedback on the proposal. If there's interest, I will submit a PR to this repo for consideration as a CAIP. Thanks!

https://github.com/jaredhanson/id-blockchain-claims-in-jwt

jaredhanson avatar Aug 08 '22 18:08 jaredhanson

This is very interesting-- but I'm not sure very many of us in CASA are JW* experts, much less experts in how OIDC tokens profile JW*. Is the goal to get CASA feedback first and use that to define a JWT profile/scheme for IANA?

bumblefudge avatar Aug 19 '22 08:08 bumblefudge

Yeah, that's the objective. Standardizing the claims so they are in the IANA registry would be the ideal outcome. The specification (once finalized) could be submitted to the most relevant organization, I suspect IETF would be appropriate but it could also be hosted here if there is interest. Either way, feedback from this community would be appreciated.

jaredhanson avatar Aug 19 '22 17:08 jaredhanson

I think this is really useful. This allows people to include blockchain accounts in JOSE objects without name ambiguity. Also +1 for registering in IANA after the CAIP was approved. A lot of applications don't allow custom claims if they are not registered in IANA or don't use identifiers with collision-resistant names, e.g., using reverse domain, URIs. This CAIP would solve this issue.

awoie avatar Aug 26 '22 10:08 awoie

Thanks for dropping a message here. I opened an issue on that repo, but happy to move the discussion over here. Which would you prefer @jaredhanson?

kdenhartog avatar Sep 26 '22 04:09 kdenhartog

On the topic of JWTs and to add some context, MetaMask Snaps was surprised that we had a request to expose the ability to sign JWTs.

We didn't see the use-case, but if there are enough feature requests we'd like to revisit it.

ritave avatar Nov 17 '22 17:11 ritave

@jaredhanson any update here? DM me on Discord, Twitter, etc. if a 1:1 meeting would help!

bumblefudge avatar Feb 07 '23 10:02 bumblefudge