Benjamin Foote

Thanks, that link has good advice IMHO. You can always immediately invalidate all tokens by changing the `vouch.jwt.secret`. This is the suggested practice for the "firing an employee" use case...

@aaronpk that's correct, VP does not utilize `preferred_username`. It can be passed downstream in a header but VP doesn't use it.

@bselu-cso I think I know where you're headed but for posterity could you clarify and expand your use case a bit? What problem are you trying to solve? Is this...

@bgehman that sounds reasonable As a first step towards integration and design could you outline how you'd like to trigger/request and manage this flow with the existing endpoints `/validate`, `/login`,...

@aaronpk wrt to... > I'll try to come up with an alternative flow that I think would map better to existing specs. Would love to hear your thoughts if you're...

@aaronpk fantastic stuff! Thanks for fleshing that out and for the diagram. wrt.. > This endpoint accepts client credentials (client_id and client_secret) which could either be registered ahead of time...

@bselu-cso thanks for those... VP doesn't really care where a request originates. It tries to be as dumb a service as possible. For VP development there's always a few common...

@sp-manuel-jurado thanks for chiming in here. Yes it seems like this would be a good addition to VP. Am I hearing that you would have some interest in working on...

Looks like integration with `Traefik` should be really straight forward, though VP would need to offer the 302 redirect to `/login` explicitly. VP would need to return the fqdn `https://vouch.example.com/login`...

Thanks for the suggestion and contribution. Since you have code ready to go (and tests! Thank you), please feel free to open a PR and we can continue the conversation...