Details
- Type: Story
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- Affects Version/s: Not Applicable
- Fix Version/s: 6.5.1, 7.0.0-micsvc-1.0.0, 7.0.0
- Component/s: OAuth 2.0
- Labels: None
- Epic Link:
- Sprint: OpenIG Sprint 134, OpenIG Sprint 137 (Release), OpenIG Sprint 138 (7.0 init)
- Story Points: 3
Description
As a developer, I want to have a re-usable API to validate my JWTs, in order to maximize re-use, readability and composition of the described constraints.
Motivation
JWT validation is required in more and more places in IG (CDSSO, the stateless access token resolver, and soon the ID token validation filter), so it makes sense to have a better API for declaring constraints on a JWT.
Expectations
From a user PoV, the API could look like this:
    JwtValidator validator = JwtValidator.builder()
            .claim(AUD, String.class, isEqualTo("george"))
            .claim("iss", isPresent())
            .claim(EXP.value(), hasNotExpired(systemUTC()))
            .build();
    boolean valid = validator.validate(jwt);
    List<Violation> violations = validator.report(jwt);
Acceptance Criteria
- Ability to build a validator that I can configure with different constraints
- Validator can be re-used to validate any incoming JWT (but not encrypted ones)
- Validator offers 2 methods:
  - Simply know if the token is valid or not
  - Return a list of violations
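
The following is an added sketch, not OpenIG code and not the API delivered by this story, of the pattern the acceptance criteria describe: an immutable, reusable validator offering both a boolean check and a violation report. `ClaimsValidator`, its `Builder`, and the helper names are hypothetical, and it assumes the claims arrive as a map taken from a JWT whose signature has already been verified.

```java
import java.time.Clock;
import java.time.Instant;
import java.util.*;
import java.util.function.Predicate;

// Hypothetical sketch, not the OpenIG API. Input is the claims map of a JWT
// whose signature was already verified; an encrypted JWT must be decrypted first.
public final class ClaimsValidator {
    private final Map<String, Predicate<Object>> constraints;

    private ClaimsValidator(Map<String, Predicate<Object>> c) { constraints = c; }

    static Predicate<Object> isPresent() { return v -> v != null; }
    static Predicate<Object> isEqualTo(Object expected) { return v -> expected.equals(v); }
    static Predicate<Object> hasNotExpired(Clock clock) {
        // "exp" is a NumericDate: seconds since the epoch (RFC 7519).
        return v -> v instanceof Number
                && Instant.ofEpochSecond(((Number) v).longValue()).isAfter(clock.instant());
    }

    static final class Builder {
        private final Map<String, Predicate<Object>> constraints = new LinkedHashMap<>();
        Builder claim(String name, Predicate<Object> constraint) {
            // Several constraints on the same claim are AND-ed together.
            constraints.merge(name, constraint, (a, b) -> a.and(b));
            return this;
        }
        ClaimsValidator build() { return new ClaimsValidator(new LinkedHashMap<>(constraints)); }
    }

    // Lists every failed constraint; a missing claim is tested as null and fails closed.
    List<String> report(Map<String, Object> claims) {
        List<String> violations = new ArrayList<>();
        constraints.forEach((name, c) -> {
            if (!c.test(claims.get(name))) violations.add("claim '" + name + "' rejected");
        });
        return violations;
    }
    boolean validate(Map<String, Object> claims) { return report(claims).isEmpty(); }

    public static void main(String[] args) {
        ClaimsValidator validator = new Builder().claim("aud", isEqualTo("george"))
                .claim("iss", isPresent()).claim("exp", hasNotExpired(Clock.systemUTC())).build();
        // Constructed sample: expired token without an issuer.
        Map<String, Object> claims = Map.of("aud", "george", "exp", 1L);
        System.out.println(validator.validate(claims) + " " + validator.report(claims));
    }
}
```

Because the built validator holds no per-token state, one instance can be shared across requests, and `report` evaluates every constraint rather than stopping at the first failure so that logs show all violations for a rejected token.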