Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RFC9068 implementation #586

Merged
merged 2 commits into from
Nov 21, 2023
Merged

RFC9068 implementation #586

merged 2 commits into from
Nov 21, 2023

Conversation

azmeuk
Copy link
Collaborator

@azmeuk azmeuk commented Sep 26, 2023

This PR implements RFC9068 and fixes #427.

It implements:

  • a token generator that builds JWT access tokens
  • an introspection endpoint that introspects JWT access tokens
  • a resource protector that validate authorizations against a JWT access token
  • a revocation endpoint that refuses to revoke JWT access tokens

Everything is documented, and coverage is almost 100%, except on one part I will directly comment on the code.

I have left some comments for thing to be implemented with #524

Some notes about the implementation:

  • resource protectors can take other arguments than scope, since RFC9068 introduces the groups, entitlements and roles claims to validate accesses
  • register_endpoint can take objects, and not just classes
  • I have not used joserfc yet. I thought it would be better to migrate the whole authlib library at once.

@lepture
Copy link
Owner

lepture commented Oct 6, 2023

@azmeuk Is it ready for reviewing? If not, you can convert it to draft at first.

@azmeuk
Copy link
Collaborator Author

azmeuk commented Oct 6, 2023

Yes, this is ready for review!

@lepture lepture merged commit 701113f into lepture:master Nov 21, 2023
6 checks passed
@azmeuk azmeuk deleted the rfc9068 branch November 21, 2023 15:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

RFC9068: JWT access token
2 participants