oauth2-server
Support for JWT Bearer Grant Type
Hi,
I looked up the documentation but could not find anything. Does the server support the JWT Bearer Grant Type [https://tools.ietf.org/html/rfc7523]?
Yes, the library supports JWT tokens out of the box
@alexbilbie: sorry to bother you, but I can't find the corresponding Grant Type for JWT Bearer, neither in the docs nor in the code.
Basically what I would like my api client (machine) to do is to send a POST request with the following fields:
grant_type: urn:ietf:params:oauth:grant-type:jwt-bearer
assertion: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJodHRwczovL3d3dy5teS1jbGllbnQtYXBwLmNvbSIsInN1YiI6Im1haWx0bzp5b3VyZW1haWxAeW91cnNlcnZlci5jb20iLCJuYmYiOjE0NjEzODk3NzEsImV4cCI6MTQ2MTM5MzM3MSwiaWF0IjoxNDYxMzg5NzcxLCJhdWQiOiJodHRwczovL2F1dGgub2ZmaXN5LmF0In0.wg463pTnO5xlNVelnzz7MlAQ-oNkv6lunyJ3TIKWrAxRTonONuPqPk0n6lrizIqap8iqsVALvDrfaLVuPrBWy4HAAjv2mcQwcp0y4d1hFeImMaf-5CwIP_WcGHQrXKCkJtmIDFL4w8rmjbjP85KY0BpU3YiDWaRkRqs09x1G6capMFs0I7ib5FsjZ_-zBHLcXZQmnL9wbfaabxjNLCayVFEFTuqzXE3Mc-_WV2jb2gXbiFzii-DgeMlpqjtQcZb4taDcDM6Izte1DUVW_oQC0nmf8ELk_JFNV4yzNF4PtXjN5AHxsC_ryH8sEzyZwHuQRom_e6I_T3YvVzKYkgjpEQ
where assertion is the following JWT-encoded payload, signed with the private key of the client machine:
{
  "iss": "https://www.my-client-app.com",
  "sub": "mailto:youremail@yourserver.com",
  "nbf": 1461389771,
  "exp": 1461393371,
  "iat": 1461389771,
  "aud": "https://auth.offisy.at"
}
What I would like to receive back from the auth server is a response as follows:
{
  "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJpZCI6IjZkNGNhYmVjODdmODVjNzU3NWU3NjFjMDFlNWU3MWEwYzdiNTliZWIiLCJqdGkiOiI2ZDRjYWJlYzg3Zjg1Yzc1NzVlNzYxYzAxZTVlNzFhMGM3YjU5YmViIiwiaXNzIjoiYXV0aC5vZmZpc3kuZGV2IiwiYXVkIjoiaHR0cHM6XC9cL3d3dy5teS1jbGllbnQtYXBwLmNvbSIsInN1YiI6Im1haWx0bzp5b3VyZW1haWxAeW91cnNlcnZlci5jb20iLCJleHAiOjE0NjEzOTU5NDksImlhdCI6MTQ2MTM5MjM0OSwidG9rZW5fdHlwZSI6ImJlYXJlciIsInNjb3BlIjpudWxsfQ.YNkz76O1cgU_8dU4dwxI-ZWZP0iGMpUaD85cTQuZjNVLQbSx1ofRCbhzzrpV25JuA-SpSPGtvOqUUcsPAafc-gfT2jqVj50absVQ4gLgcikqEE54F-3fkgYgJkcKZyaY5dmS1-I797fRAIHRXsgag5Tp1oppOoH9uxzVBwOUGUESU6_zUiHtGEmy42RM1MM7kncsE9oTh3sxO-H1S11-u7x_G2R0zhCL83KgkPYe6oLnZkw_LYPOsr22T-8OsOu8k0VoUqXWvjwuAnGUXY9BXEZAyWQFplNRE0uxWZ0o5uFXtDUOkpfg48JWS8IYfsMsyNQgtIPFqsTfDGpioFteFw",
  "expires_in": 3600,
  "token_type": "bearer",
  "scope": null
}
i.e. a JWT token, signed by the private key of the auth server, which can be used to authenticate against the application servers.
Basically this is a special version of a Client Credentials Grant but with the validateClient() method rewritten. I just wanted to double-check that I am not overlooking something, but eventually I could provide a PR for the implementation.
With thanks.
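The exchange described in this post, as an added example that is not part of the issue or of league/oauth2-server: a Go program (standard library only) in which the client signs the assertion with its private key and the auth server's token endpoint checks grant_type, looks up the client by iss, verifies the RS256 signature, checks aud, exp and nbf, and only then mints an access token signed with the server's own key. The AuthServer and HandleJWTBearer names, the example URLs and the key pairs generated in-process are assumptions made for this demo; a real server would load registered client public keys from its client store.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

const JWTBearerGrantType = "urn:ietf:params:oauth:grant-type:jwt-bearer"

// Claims is the payload of both the client assertion and the access token the server mints.
type Claims struct {
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	Aud string `json:"aud"`
	Nbf int64  `json:"nbf"`
	Exp int64  `json:"exp"`
	Iat int64  `json:"iat"`
}

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url

// SignRS256 builds header.payload.signature with RSASSA-PKCS1-v1_5 over SHA-256 (JWS "RS256"); the string is only meaningful when err is nil.
func SignRS256(c Claims, key *rsa.PrivateKey) (string, error) {
	payload, _ := json.Marshal(c) // Claims holds only strings and int64s, so Marshal cannot fail
	input := b64.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig), err
}

// VerifyRS256 decodes the token, looks up the signer's key from the still-unverified iss claim, pins alg to
// RS256 (no "none"/HS256 downgrade) and checks the signature. The claims it returns are trustworthy only when err is nil.
func VerifyRS256(token string, keyFor func(iss string) *rsa.PublicKey) (c Claims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("invalid_grant: malformed assertion")
	}
	hdr, errH := b64.DecodeString(parts[0])
	body, errB := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	var h struct{ Alg string `json:"alg"` }
	if errH != nil || errB != nil || errS != nil || json.Unmarshal(hdr, &h) != nil || json.Unmarshal(body, &c) != nil {
		return Claims{}, errors.New("invalid_grant: undecodable assertion")
	}
	pub := keyFor(c.Iss) // nil when no client is registered under this iss
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if pub == nil || h.Alg != "RS256" || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return Claims{}, errors.New("invalid_grant: unknown iss, alg not RS256, or bad signature")
	}
	return c, nil
}

// AuthServer is the token-endpoint side: clients registered under the iss they assert, plus the server's key.
type AuthServer struct {
	Issuer  string                    // every assertion must name this value in aud
	Clients map[string]*rsa.PublicKey // iss -> that client's public key, registered out of band
	Key     *rsa.PrivateKey           // signs the access tokens the resource servers will check
}

// HandleJWTBearer validates a grant_type/assertion POST (RFC 7523 section 3) and mints an access token.
func (s *AuthServer) HandleJWTBearer(form map[string]string) (map[string]interface{}, error) {
	if form["grant_type"] != JWTBearerGrantType {
		return nil, errors.New("unsupported_grant_type")
	}
	c, err := VerifyRS256(form["assertion"], func(iss string) *rsa.PublicKey { return s.Clients[iss] })
	if err != nil {
		return nil, err
	}
	now := time.Now().Unix()
	switch {
	case c.Aud != s.Issuer || c.Sub == "":
		return nil, errors.New("invalid_grant: aud is not this server or sub is missing")
	case now >= c.Exp || now < c.Nbf:
		return nil, errors.New("invalid_grant: assertion expired or not yet valid")
	}
	// The access token is itself a JWT signed by the auth server; the client's iss becomes its aud.
	tok, err := SignRS256(Claims{Iss: s.Issuer, Sub: c.Sub, Aud: c.Iss, Nbf: now, Exp: now + 3600, Iat: now}, s.Key)
	if err != nil {
		return nil, err
	}
	return map[string]interface{}{"access_token": tok, "expires_in": 3600, "token_type": "bearer"}, nil
}

func main() {
	clientKey, _ := rsa.GenerateKey(rand.Reader, 2048) // the client machine's key pair, generated here for the demo
	serverKey, _ := rsa.GenerateKey(rand.Reader, 2048) // the auth server's key pair
	srv := &AuthServer{Issuer: "https://auth.example.test", Key: serverKey, Clients: map[string]*rsa.PublicKey{"https://www.my-client-app.com": &clientKey.PublicKey}}
	now := time.Now().Unix()
	assertion, _ := SignRS256(Claims{Iss: "https://www.my-client-app.com", Sub: "mailto:user@example.test", Aud: srv.Issuer, Nbf: now, Exp: now + 300, Iat: now}, clientKey)
	fmt.Println(srv.HandleJWTBearer(map[string]string{"grant_type": JWTBearerGrantType, "assertion": assertion}))
}
```

Running it prints the token response map (access_token, expires_in, token_type) for a freshly signed assertion. The order of checks is the point of the example: the iss claim is read before the signature is verified only to choose which registered key to verify against, the alg header is pinned so a token claiming "none" or an HMAC algorithm is refused, and exp/nbf/aud are checked before anything is issued, which is exactly the validation a validateClient() replacement for this grant has to carry.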
My apologies, I misunderstood.
The library doesn't currently support that grant but having read through the RFC it looks fairly simple to implement.
It looks like there are two units of work:
- Implement client authentication using client assertions
- Support the JWT Bearer Grant Type.
I've opened ticket #556 to track client auth, and I will re-open this ticket to track the grant type.
I guess this should be moved to the 7.0.0 milestone now.
@alexbilbie - has there been any movement on this? I am looking to use it with Laravel Passport.
@darrencoutts118 I will try and get something implemented for this within the month, depending on real life etc. I think @alexbilbie had made a start on this so I will take a look and jump off from there. Cheers for your patience.
Is this still being worked on? There was a mention that someone started work on it. Do we have a branch?
No work started on this. Currently working on releasing v9, which is focusing on the device code grant.