As a developer, I want to have a re-usable API to validate my JWTs, in order to maximize re-use, readability and composition of the described constraints.
JWT validation is required in more and more places in IG (CDSSO, the stateless access token resolver and soon the ID token validation filter), so it makes sense to have a better API for declaring constraints on a JWT.
From a user's point of view, the API could look like this:
- Ability to build a validator that I can configure with different constraints
- The validator can be re-used to validate any incoming JWT (but not encrypted ones)
- The validator offers 2 methods:
  - Simply know if the token is valid or not
  - Return a list of violations
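
One possible shape for such a validator, added here as an illustration and not IG's actual API: all class and method names (`JwtValidator`, `Constraint`, `issuer`, `notExpired`, `violations`, `isValid`) are hypothetical. It assumes the JWT's signature has already been verified and its claims decoded into a map before the validator sees them.

```java
import java.time.Clock;
import java.util.*;
import java.util.function.Function;

/** Hypothetical sketch: checks claims of an already signature-verified, decoded JWT. */
public final class JwtValidator {
    /** A constraint returns a violation message, or empty when the claims satisfy it. */
    public interface Constraint extends Function<Map<String, Object>, Optional<String>> { }

    private final List<Constraint> constraints;

    private JwtValidator(List<Constraint> cs) { this.constraints = List.copyOf(cs); }

    public static Builder builder() { return new Builder(); }

    /** Evaluates every constraint so the caller sees all violations, not only the first. */
    public List<String> violations(Map<String, Object> claims) {
        List<String> found = new ArrayList<>();
        for (Constraint c : constraints) c.apply(claims).ifPresent(found::add);
        return found;
    }

    public boolean isValid(Map<String, Object> claims) { return violations(claims).isEmpty(); }

    public static final class Builder {
        private final List<Constraint> constraints = new ArrayList<>();

        public Builder issuer(String expected) {
            constraints.add(c -> expected.equals(c.get("iss"))
                    ? Optional.empty() : Optional.of("iss: unexpected issuer"));
            return this;
        }

        /** exp is a NumericDate in seconds; an absent or non-numeric exp fails closed. */
        public Builder notExpired(Clock clock) {
            constraints.add(c -> {
                Object exp = c.get("exp");
                boolean ok = exp instanceof Number
                        && clock.instant().getEpochSecond() < ((Number) exp).longValue();
                return ok ? Optional.empty() : Optional.of("exp: missing or expired");
            });
            return this;
        }

        public JwtValidator build() { return new JwtValidator(constraints); }
    }
}
```

A validator built once with `JwtValidator.builder().issuer("https://issuer.example").notExpired(Clock.systemUTC()).build()` (constructed issuer value) holds no per-token state, so the same instance can be applied to every incoming token.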