  1. Identity Gateway
  2. OPENIG-2877

Refactor JwtValidation as a composable service

    Details

    • Sprint:
      OpenIG Sprint 134, OpenIG Sprint 137 (Release), OpenIG Sprint 138 (7.0 init)
    • Story Points:
      3

      Description

      As a developer, I want to have a re-usable API to validate my JWTs, in order to maximize re-use, readability and composition of the described constraints.

      Motivation

      JWT validation is required in more and more places in IG (CDSSO, Stateless access token resolver and soon the id token validation filter), so it makes sense to have a better API to declare constraints on a JWT.

      Expectations

      From a user PoV, the API could look like this:

      JwtValidator validator = JwtValidator.builder()
                                           .claim(AUD, String.class, isEqualTo("george"))
                                           .claim("iss", isPresent())
                                           .claim(EXP.value(), hasNotExpired(systemUTC()))
                                           .build();
      
      boolean valid = validator.validate(jwt);
      
      List<Violation> violations = validator.report(jwt);
      

      Acceptance Criteria

      • Ability to build a validator that I can configure with different constraints
      • Validator can be re-used to validate any incoming JWT (but not the encrypted one)
      • Validator offers 2 methods:
        • Simply know if the token is valid or not
        • Returns a list of violations
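
One way the acceptance criteria above could be met, as an added sketch that is not code from the ticket or from OpenIG. It assumes Java 17, and that the JWT signature has already been verified and the claims decoded into a map; `ClaimsValidator`, `Violation`, `Rule` and the message strings are hypothetical names.

```java
import java.time.Clock;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;

// Added sketch; every type and method name here is hypothetical, not the OpenIG API.
public final class ClaimsValidator {
    record Violation(String claim, String message) { }
    private record Rule(String claim, String message, Predicate<Object> test) { }
    private final List<Rule> rules;
    private ClaimsValidator(List<Rule> rules) { this.rules = List.copyOf(rules); }
    static Builder builder() { return new Builder(); }
    static final class Builder {
        private final List<Rule> rules = new ArrayList<>();
        Builder claim(String name, String message, Predicate<Object> test) {
            rules.add(new Rule(name, message, test));
            return this;
        }
        ClaimsValidator build() { return new ClaimsValidator(rules); }
    }
    // Constraints receive null for an absent claim and must fail closed.
    static Predicate<Object> isPresent() { return v -> v != null; }
    static Predicate<Object> isEqualTo(Object expected) { return expected::equals; }
    static Predicate<Object> hasNotExpired(Clock clock) {
        // Assumes exp is a NumericDate (seconds since the epoch).
        return v -> v instanceof Number n
                && clock.instant().isBefore(Instant.ofEpochSecond(n.longValue()));
    }

    // Every rule is evaluated, so the report lists all failures, not only the first.
    List<Violation> report(Map<String, Object> claims) {
        return rules.stream()
                .filter(r -> !r.test().test(claims.get(r.claim())))
                .map(r -> new Violation(r.claim(), r.message()))
                .toList();
    }
    boolean validate(Map<String, Object> claims) { return report(claims).isEmpty(); }
    public static void main(String[] args) {
        ClaimsValidator validator = builder()
                .claim("aud", "unexpected audience", isEqualTo("george"))
                .claim("iss", "issuer missing", isPresent())
                .claim("exp", "token expired", hasNotExpired(Clock.systemUTC()))
                .build();
        // Constructed claims: wrong audience, no issuer, expiry in 1970.
        Map<String, Object> claims = Map.of("aud", "alice", "exp", 1L);
        System.out.println(validator.validate(claims) + " " + validator.report(claims));
    }
}
```

The validator holds no per-token state, so one built instance can be shared across requests; a claim with the wrong type (for example a string `exp`) is reported as a violation rather than throwing.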

            People

            Assignee:
            violette Violette Roche Montane
            Reporter:
            guillaume.sauthier Guillaume Sauthier