hoauth2 icon indicating copy to clipboard operation
hoauth2 copied to clipboard
verified publisher icon freizl

Feature: JWT decoding

Open ocramz opened this issue 2 years ago • 2 comments

Many OAuth2 access tokens seem to be JWT-encoded and I often decode them to obtain an user ID (e.g. from the 'sub' field of JWT). This is not strictly standard but the industry seems to be moving in this direction https://datatracker.ietf.org/doc/html/draft-ietf-oauth-access-token-jwt-10

Using something like jwt package perhaps we could add a helper function OAuth2 -> Validation [Text] JWT or similar

ocramz avatar Jun 11 '23 08:06 ocramz

I've made a PR to jwt https://github.com/puffnfresh/haskell-jwt/pull/7 that if accepted could come in handy here as well.

ocramz avatar Jun 11 '23 12:06 ocramz

Good point! I'll be thinking to create another package like hoauth2-jwt which has helpers for access token and ID token validation if it's JWT.

freizl avatar Jun 12 '23 03:06 freizl