lmccay opened a new pull request, #1229: URL: https://github.com/apache/knox/pull/1229
[KNOX-3321](https://issues.apache.org/jira/browse/KNOX-3321) - KnoxToken Support for RFC 8693 Token Exchange act Claim ## What changes were proposed in this pull request? To support use cases that need insight into access of a resource on behalf of user other than the token holder, we need to add the 'act' chain claim. The ability track a chain of interactions being done by services, pipelines or agents will allow for better audit detail and authorization decision making. Based on the existence of the ImpersonatedPrincipal in the Java Subject, KnoxToken API will add the 'act' claim with a nested 'sub' to represent the entity acting on behalf of the primary 'sub' of the token. This requires adding additional methods to our JWTTokeService for both adding the 'act' claim itself but also for extracting it from a parsed token. ## How was this patch tested? All existing unit and integration tests were built and rain locally and new test cases were added and also run. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
