Add option to configure access token verification

Allow to switch jwt access token verification on and off. Many (most?) IDPs
provide JWT encoded access tokens. If ocis is configured to assume jwt
access tokens (access_token_verify_method==jwt) we now properly verify
the token's signature and a set of standard claims ("exp", "iat" and "nbf"
by way of the jwt module's standard verification and "iss" explicitly).

This change also allows for introduction of other access token verification
mechanisms in the future (e.g. through introspection (RFC7662)).

Ralf Haferkamp
2022-07-20 17:45:43 +02:00
committed by Ralf Haferkamp
parent 454cea8a1c
commit eb94530433
8 changed files with 112 additions and 36 deletions

@@ -36,6 +36,7 @@ func DefaultConfig() *config.Config {
Issuer: "https://localhost:9200",
Insecure: true,
//Insecure: true,
AccessTokenVerifyMethod: config.AccessTokenVerificationJWT,
UserinfoCache: config.UserinfoCache{
Size: 1024,
TTL: 10,
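
Review bot: The `AccessTokenVerifyMethod: config.AccessTokenVerificationJWT` line in `DefaultConfig()` makes JWT verification the default for every deployment, while the commit message itself only says that many (not all) IDPs issue JWT encoded access tokens. A setup whose IDP issues opaque access tokens will need to change this setting, so the option and how to switch it off should be documented alongside this default (config docs and a changelog entry). Separately, the commented-out `//Insecure: true` sitting directly under the active `Insecure: true` looks like a leftover and could be dropped while this block is being touched.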