mst opened a new issue, #9220: URL: https://github.com/apache/trafficserver/issues/9220
My use case is almost solved by the `access_control` plugin, but instead of having a JWT created by an Application/Origin, I have a client JWT assertion that contains e.g. `sub`. The Client only sends the JWT during authn and receives an opaque Access Token.

The flow is as follows (see also [RFC7521](https://www.rfc-editor.org/rfc/rfc7521), [RFC7523](https://www.rfc-editor.org/rfc/rfc7523)):

1. client creates a JWT using a client secret (contains `sub`)
2. POST /auth on the Application with the JWT
3. Application returns opaque Access Token
4. GET /some-resource with the token

When the client requests the URL another time, the Access Token may have expired and it creates a new one. But the cache may be still hot enough. I wouldn't want the new token to cause a cache miss. Instead, the proxy should know which `sub` that Access Token was created with and add it to the cache key for lookup.
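The requested behaviour, sketched as an added example (not code from the issue, the `access_control` plugin or Traffic Server): the proxy verifies the assertion seen on `POST /auth`, remembers which `sub` each opaque token belongs to, and keys the cache on `sub` plus URL. `SubjectMap`, `sign_hs256`, `verify_hs256` and the sample secret and token strings are hypothetical, and it assumes an HS256 assertion whose secret the proxy also holds.

```python
import base64, hashlib, hmac, json, time

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_hs256(claims, secret):
    """Build a constructed sample assertion (client side of step 1)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    msg = enc({"alg": "HS256", "typ": "JWT"}) + "." + enc(claims)
    sig = hmac.new(secret, msg.encode(), hashlib.sha256).digest()
    return msg + "." + base64.urlsafe_b64encode(sig).rstrip(b"=").decode()

def verify_hs256(jwt, secret):
    """Return the claims if signature, pinned alg and exp all check out, else None."""
    try:
        head, body, sig = jwt.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        return claims if claims["exp"] > time.time() else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

class SubjectMap:
    """Hypothetical proxy-side table: sha256(access token) -> (sub, expiry)."""
    def __init__(self, secret):
        self.secret, self.tokens = secret, {}

    @staticmethod
    def _h(token):  # store a hash so the table holds no usable credentials
        return hashlib.sha256(token.encode()).hexdigest()

    def on_auth(self, assertion, issued_token, ttl):
        """Record the subject when the Application answers POST /auth (steps 2-3)."""
        claims = verify_hs256(assertion, self.secret)
        if not claims or not isinstance(claims.get("sub"), str):
            return False
        self.tokens[self._h(issued_token)] = (claims["sub"], time.time() + ttl)
        return True

    def cache_key(self, url, token):
        """Key for GET url (step 4); None means bypass the cache and ask the origin."""
        sub, expiry = self.tokens.get(self._h(token), (None, 0))
        if sub is None or expiry <= time.time():
            return None  # unknown or expired token never maps to a cached subject
        return hashlib.sha256(json.dumps([sub, url]).encode()).hexdigest()
```

A renewed token for the same `sub` yields the same key, while a token the proxy never saw issued gets no key at all, so it cannot be used to read another subject's cached object.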
