smallrye-jwt

Create RFC7662 TokenIntrospectionFactory

Open sberyozkin opened this issue 6 years ago • 3 comments

RFC 7662 talks about OAuth2/OIDC servers returning token introspection responses. Keycloak also implements it: https://issues.jboss.org/browse/KEYCLOAK-2266

Having such a factory will let users (optionally) integrate with any certified OIDC server. It will also make it possible to support the encrypted tokens issued by such servers (those which choose to encrypt them), since importing the private keys of these providers into MP-JWT endpoints is not possible.

sberyozkin Apr 03 '19 15:04

Might require a provided smallrye-rest-client dependency

sberyozkin Apr 03 '19 15:04

Now that we have split the implementation into sub-modules, the solution to this issue becomes clearer:

  • introduce a smallrye-jwt-introspection module which will have
  • a CDI Alternative JWTCallerPrincipalFactory which will use the Mutiny Vert.x WebClient to introspect a token
  • if the introspected token is active and it is a JWT, then DefaultJWTTokenPrincipal is returned
  • if it is not a JWT, then it is created from the introspection response, which may include the username and a few other properties which can be converted into claims

sberyozkin Dec 10 '20 15:12
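
The last step of the comment above (building claims from an RFC 7662 introspection response for a non-JWT token), sketched as an added example in plain Java; it is not smallrye-jwt code and not part of the original thread. The class and method names are hypothetical, the response is assumed to be already parsed into a `Map`, and the `username` to `upn` and `scope` to `groups` mappings are assumptions.

```java
import java.util.*;

// Added example: plain-Java sketch, not smallrye-jwt code. All names here are hypothetical.
public class IntrospectionClaims {

    // Response members from RFC 7662 section 2.2 that are copied through unchanged.
    static final List<String> COPIED =
            List.of("sub", "iss", "aud", "exp", "iat", "nbf", "jti", "client_id");

    /** Converts a parsed introspection response into claims; throws if the token must be rejected. */
    static Map<String, Object> toClaims(Map<String, Object> response, long nowEpochSeconds) {
        // "active" is the only REQUIRED member; a missing, false or non-boolean value means reject.
        if (!Boolean.TRUE.equals(response.get("active"))) {
            throw new SecurityException("token is not active");
        }
        // Defence in depth: if exp is present, check it locally as well.
        Object exp = response.get("exp");
        if (exp instanceof Number && ((Number) exp).longValue() <= nowEpochSeconds) {
            throw new SecurityException("token has expired");
        }
        Map<String, Object> claims = new LinkedHashMap<>();
        for (String name : COPIED) {
            if (response.containsKey(name)) claims.put(name, response.get(name));
        }
        // Assumed mapping onto the MP-JWT claim names: username -> upn, scope -> groups.
        Object username = response.get("username");
        if (username instanceof String) claims.put("upn", username);
        Object scope = response.get("scope");
        if (scope instanceof String && !((String) scope).isBlank()) {
            // RFC 7662 "scope" is a space-separated list of scope values.
            claims.put("groups", new LinkedHashSet<>(Arrays.asList(((String) scope).trim().split(" +"))));
        }
        return claims;
    }

    public static void main(String[] args) {
        // Constructed sample responses, not captured from a real server.
        Map<String, Object> active = Map.of("active", true, "username", "alice",
                "scope", "read write", "sub", "user-1234", "exp", 4102444800L);
        System.out.println(toClaims(active, System.currentTimeMillis() / 1000));
        try {
            toClaims(Map.of("active", false), 0L);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```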

Hello @sberyozkin, can I help out with this issue?

cotnic Dec 20 '22 21:12