Hi Isura/Omindu,

> Which data are supposed to be stored in the IDN_JWT_PRIVATE_KEY table? What is the
> reason to store those data?

In the patch that we have provided for 5.3.0, this table contains the following fields:

JWT_ID (primary key)
EXP_TIME
TIME_CREATED

JWT_ID is a unique identifier for the token. According to the spec this token should not be reused, so JWT_ID is responsible for preventing re-use of the token. Hence we need to store the JWT_ID. Based on the EXP_TIME we have planned to clean up the records. The spec is a bit flexible on re-using the token, so once the token is expired we let the same JWT_ID be re-used.

    jti
        REQUIRED. JWT ID. A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties; any such negotiation is beyond the scope of this specification.

> If we are storing private keys in the table, make sure the content is
> encrypted to avoid security concerns.

Actually we don't store private keys here. Anyway the table name is a bit misleading, so shall we re-name the table as IDN_OIDC_JTI?

Thanks,

On Fri, Jan 5, 2018 at 7:49 AM, Isura Karunaratne <[email protected]> wrote:

> Hi Hasanthi,
>
> On Thu, Jan 4, 2018 at 4:32 PM, Hasanthi Purnima Dissanayake <[email protected]> wrote:
>
>> Hi All,
>>
>> The following tasks are identified for the implementation of the $subject.
>>
>> 1. Move the logic of validating the token API invocation request to
>> validate required parameters for JWT client authentication to
>> PrivatekeyJWTClientAuthHandler
>> 2. Introduce a new interface to read the public certificate.
>>    - Certificate can be read from keystore
>>    - Certificate can be read from db
>>    - Certificate can be read from any other means
>> 3. Data which will be persisted in IDN_JWT_PRIVATE_KEY can grow
>> rapidly, which may cause some performance issues. So we need to implement a
>> cleanup script based on the expiration time of the JWT.
>
> Which data are supposed to be stored in the IDN_JWT_PRIVATE_KEY table? What is
> the reason to store those data?
>
> Thanks
> Isura.
>
>> 4. Honour the UI configuration for confidential applications which is
>> discussed in mail [1]
>>
>> Apart from the above, we need to consider the following tasks:
>> 1. Improving the unit tests of the repository
>> 2. Improve the documentation for the $subject.
>>
>> [1] Confidential Applications in OAuth2 Flow
>>
>> Thanks,
>> --
>> Hasanthi Dissanayake
>> Senior Software Engineer | WSO2
>> E: [email protected]
>> M: 0718407133 | http://wso2.com
>
> --
> *Isura Dilhara Karunaratne*
> Associate Technical Lead | WSO2
> Email: [email protected]
> Mob : +94 772 254 810
> Blog : http://isurad.blogspot.com/

--
Hasanthi Dissanayake
Senior Software Engineer | WSO2
E: [email protected]
M: 0718407133 | http://wso2.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
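The jti replay store discussed in the thread (JWT_ID as primary key, EXP_TIME driving cleanup, and re-use of a JWT_ID permitted once its stored expiry has passed), modelled as an added example in Python on sqlite3. This is not WSO2's code; it assumes the proposed table name IDN_OIDC_JTI, integer Unix-second timestamps, and that the caller has already verified the assertion's signature and its exp/aud/iss claims before recording the jti. Two points it makes that the mail only implies: the check for a previously seen jti is done as a single INSERT under a write lock rather than a SELECT followed by an INSERT, so two concurrent requests presenting the same assertion cannot both be accepted; and an expired row that the cleanup job has not yet removed is overwritten rather than treated as a replay, which is what the "re-use after expiry" policy requires.

```python
import sqlite3
import time
from typing import Optional

# Schema mirroring the table described in the thread, under its proposed name.
# Storing times as integer Unix seconds is an assumption of this example.
SCHEMA = """
CREATE TABLE IF NOT EXISTS IDN_OIDC_JTI (
    JWT_ID       TEXT    PRIMARY KEY,
    EXP_TIME     INTEGER NOT NULL,
    TIME_CREATED INTEGER NOT NULL
)
"""


def open_store(path: str = ":memory:") -> sqlite3.Connection:
    """Open the jti store. isolation_level=None means we issue BEGIN/COMMIT ourselves."""
    conn = sqlite3.connect(path, isolation_level=None)
    conn.execute(SCHEMA)
    return conn


def register_jti(conn: sqlite3.Connection, jti: str, exp_time: int,
                 now: Optional[int] = None) -> bool:
    """Record a jti atomically. Returns True on first use, False if it is a replay.

    A jti whose stored EXP_TIME has already passed may be used again (the policy
    from the thread), so such a row is overwritten instead of being rejected.
    """
    now = int(time.time()) if now is None else now
    # BEGIN IMMEDIATE takes the write lock before we look at anything, closing the
    # window in which a SELECT-then-INSERT would let two requests share one jti.
    conn.execute("BEGIN IMMEDIATE")
    try:
        try:
            conn.execute(
                "INSERT INTO IDN_OIDC_JTI (JWT_ID, EXP_TIME, TIME_CREATED) VALUES (?, ?, ?)",
                (jti, exp_time, now),
            )
            conn.execute("COMMIT")
            return True
        except sqlite3.IntegrityError:
            # Primary-key conflict: this jti was seen before. SQLite aborts only the
            # statement, not the transaction, so we still hold the lock here.
            row = conn.execute(
                "SELECT EXP_TIME FROM IDN_OIDC_JTI WHERE JWT_ID = ?", (jti,)
            ).fetchone()
            if row is not None and row[0] > now:
                conn.execute("ROLLBACK")
                return False  # still live: replay
            conn.execute(
                "UPDATE IDN_OIDC_JTI SET EXP_TIME = ?, TIME_CREATED = ? WHERE JWT_ID = ?",
                (exp_time, now, jti),
            )
            conn.execute("COMMIT")
            return True  # expired row reused with the new assertion's expiry
    except Exception:
        conn.execute("ROLLBACK")
        raise


def purge_expired(conn: sqlite3.Connection, now: Optional[int] = None) -> int:
    """The cleanup job from task 3: drop rows whose EXP_TIME has passed. Returns rows removed."""
    now = int(time.time()) if now is None else now
    return conn.execute("DELETE FROM IDN_OIDC_JTI WHERE EXP_TIME <= ?", (now,)).rowcount


def demo() -> dict:
    """Constructed scenario exercising first use, replay, cleanup and post-expiry reuse."""
    conn = open_store()
    t0 = 1_700_000_000  # constructed "now"
    result = {}
    result["first"] = register_jti(conn, "jti-A", t0 + 300, now=t0)           # True
    result["replay"] = register_jti(conn, "jti-A", t0 + 300, now=t0 + 10)     # False
    result["other"] = register_jti(conn, "jti-B", t0 + 60, now=t0)            # True
    result["purged_early"] = purge_expired(conn, now=t0 + 30)                 # 0
    result["purged_later"] = purge_expired(conn, now=t0 + 60)                 # 1 (jti-B)
    # jti-A has expired but was not purged yet: a fresh assertion may reuse it.
    result["reuse_after_expiry"] = register_jti(conn, "jti-A", t0 + 900, now=t0 + 301)  # True
    # ...and the overwritten row now protects that new assertion against replay.
    result["replay_after_reuse"] = register_jti(conn, "jti-A", t0 + 900, now=t0 + 302)  # False
    result["remaining"] = conn.execute("SELECT COUNT(*) FROM IDN_OIDC_JTI").fetchone()[0]  # 1
    return result


if __name__ == "__main__":
    print(demo())
```

One design note: the block keys on JWT_ID alone, as the proposed table does. Since each client generates its own jti values, keying on (client/issuer, JWT_ID) instead would keep one client's chosen jti from blocking another client that happens to pick the same string before it expires.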
