
Proposal: JWT claim validation annotation

Open alfechner opened this issue 1 year ago • 3 comments

The security docs and the JWT example describe how to validate a JWT token. They also show how the user object is passed to a handler method.

We plan to create an annotation to validate the JWT token claims. Something like that:

@claims("read:books")
def get_books(user):
    ...

Is that something you see being part of the framework?

I'd be happy to contribute.

alfechner avatar May 14 '24 09:05 alfechner
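
A sketch of how the `@claims` decorator proposed above could behave, as an added example that is not part of the issue thread or of Connexion's own code. It assumes the token's signature and expiry were already verified and that the decoded claims reach the handler as a `token_info` keyword argument; `ClaimValidationError`, `missing_claims` and the sample claims are hypothetical names and constructed data.

```python
import functools


class ClaimValidationError(Exception):
    """Hypothetical error type; a real app would map it to HTTP 403."""


def missing_claims(token_info, required, claim_name="scope"):
    """Return the required values that the verified claims do not grant."""
    raw = token_info.get(claim_name) if isinstance(token_info, dict) else None
    if isinstance(raw, str):              # space-delimited string, e.g. "scope"
        granted = set(raw.split())
    elif isinstance(raw, (list, tuple)):  # list-valued claim
        granted = {v for v in raw if isinstance(v, str)}
    else:                                 # missing or wrong type: grant nothing
        granted = set()
    # Exact set membership: "read:books-admin" must not satisfy "read:books".
    return sorted(set(required) - granted)


def claims(*required, claim_name="scope"):
    """Decorator: run the handler only if every required value is granted."""
    if not required:
        raise ValueError("claims() needs at least one required value")

    def decorator(handler):
        @functools.wraps(handler)
        def wrapper(*args, token_info=None, **kwargs):
            missing = missing_claims(token_info, required, claim_name)
            if missing:
                # Fail closed, and keep token contents out of the message.
                raise ClaimValidationError("missing: " + ", ".join(missing))
            return handler(*args, **kwargs)
        return wrapper
    return decorator


@claims("read:books")
def get_books(user):
    return {"user": user, "books": ["constructed sample title"]}


# Constructed claims, as they would look after signature and expiry checks.
READER = {"sub": "alice", "scope": "read:books read:authors"}
LOOKALIKE = {"sub": "bob", "scope": "read:books-admin write:books"}
```

Calling `get_books("alice", token_info=READER)` returns the handler's result, while the same call with `LOOKALIKE` or with no `token_info` raises `ClaimValidationError`.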

@alfechner I like this approach! For now I've implemented a 'self-built' claim validation. Let me know in case you already have an idea on how to start with the implementation.

feteu avatar Aug 03 '24 07:08 feteu

@alfechner, has there been some movement in the past couple of months? Happy to contribute in case required.

@RobbeSneyders, what's your view on this topic? Do you see that as useful within the framework (or rather as a dedicated middleware)?

feteu avatar Dec 16 '24 19:12 feteu

FYI I've created a middleware to cover the missing aspects of granular claim validation on an endpoint basis.

asgi-claim-validator

feteu avatar Jan 30 '25 20:01 feteu