[jira] [Work logged] (KNOX-3321) KnoxToken Support for RFC 8693 Token Exchange act Claim

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3321?focusedWorklogId=1019900&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1019900
 ]

ASF GitHub Bot logged work on KNOX-3321:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 12/May/26 20:04
            Start Date: 12/May/26 20:04
    Worklog Time Spent: 10m 
      Work Description: lmccay opened a new pull request, #1229:
URL: https://github.com/apache/knox/pull/1229

   [KNOX-3321](https://issues.apache.org/jira/browse/KNOX-3321) - KnoxToken 
Support for RFC 8693 Token Exchange act Claim
   
   ## What changes were proposed in this pull request?
   
   To support use cases that need insight into access of a resource on behalf 
of user other than the token holder, we need to add the 'act' chain claim. The 
ability track a chain of interactions being done by services, pipelines or 
agents will allow for better audit detail and authorization decision making.
   
   Based on the existence of the ImpersonatedPrincipal in the Java Subject, 
KnoxToken API will add the 'act' claim with a nested 'sub' to represent the 
entity acting on behalf of the primary 'sub' of the token.
   
   This requires adding additional methods to our JWTTokeService for both 
adding the 'act' claim itself but also for extracting it from a parsed token.
   
   ## How was this patch tested?
   
   All existing unit and integration tests were built and rain locally and new 
test cases were added and also run.
   
   




Issue Time Tracking
-------------------

            Worklog Id:     (was: 1019900)
    Remaining Estimate: 0h
            Time Spent: 10m

> KnoxToken Support for RFC 8693 Token Exchange act Claim
> -------------------------------------------------------
>
>                 Key: KNOX-3321
>                 URL: https://issues.apache.org/jira/browse/KNOX-3321
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: JWT
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>            Priority: Major
>             Fix For: 3.0.0
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> To support use cases that need insight into access of a resource on behalf of 
> user other than the token holder, we need to add the 'act' chain claim. The 
> ability track a chain of interactions being done by services, pipelines or 
> agents will allow for better audit detail and authorization decision making.
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)