rvesse commented on PR #1335: URL: https://github.com/apache/jena/pull/1335#issuecomment-1135878365
This PR is definitely a good first step and should get merged ASAP

> The server side has some preparation work but again there has to be custom code somewhere to validate tokens in the deployment environment. This is probably better done with a Fuseki module - custom code for Fuseki main as released.

I would somewhat disagree with this. Certainly in the general case we probably can't support verifying every possible JWT that users might want to use (algorithms, key sources etc). But for most everyday cases I think we could support a default verifier based on the following parameters that would be compatible with most OAuth2/OpenID Connect authentication providers:

- A JWKS file/URL, where JWKS is a JSON Web Key Set per [RFC 7517 Section 5](https://datatracker.ietf.org/doc/html/rfc7517#section-5), from which the public keys for verifying a token can be obtained
- Optionally the claim to obtain the username from. This would default to `sub` but from practical experience the value of the `sub` field is often an internal system identifier rather than an actual username which is carried in a different claim.

This can be provided in a separate PR (and one which I'm happy to author myself)

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
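The default verifier proposed in the comment above (public keys taken from a JWKS, username read from a configurable claim that defaults to `sub`), as an added Python example; it is not code from the PR or from Jena/Fuseki. The names `verify_token` and `sign_demo`, the `demo-1` key, the `preferred_username` claim and the pinned RS256 algorithm are assumptions, and the standard-library RS256 check stands in for the JOSE library a deployment would use.

```python
import base64, hashlib, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017 section 9.2); RS256 is PKCS#1 v1.5 with SHA-256
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def unb64u(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
def encoded_message(signing_input, k):  # EMSA-PKCS1-v1_5 for a k-byte modulus
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_token(token, jwks, username_claim="sub", now=None):
    """Return the username from a valid RS256 token, or raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims, sig = dict(json.loads(unb64u(h64))), dict(json.loads(unb64u(p64))), unb64u(s64)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    if header.get("alg") != "RS256":  # the verifier pins the algorithm, the token does not choose it
        raise ValueError("unsupported alg")
    key = next((k for k in jwks.get("keys", [])
                if k.get("kty") == "RSA" and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no JWKS key for kid")
    n, e = (int.from_bytes(unb64u(key[f]), "big") for f in ("n", "e"))
    k, s = (n.bit_length() + 7) // 8, int.from_bytes(sig, "big")
    # Rebuild the expected padded hash and compare it whole instead of parsing the padding
    expected = encoded_message(f"{h64}.{p64}".encode(), k)
    if len(sig) != k or s >= n or pow(s, e, n).to_bytes(k, "big") != expected:
        raise ValueError("bad signature")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= (time.time() if now is None else now):
        raise ValueError("expired or missing exp")
    user = claims.get(username_claim)
    if not isinstance(user, str) or not user:
        raise ValueError("username claim missing")
    return user

# Constructed demo key (two Mersenne primes) and issuer stand-in: illustration only
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"keys": [{"kty": "RSA", "kid": "demo-1", "n": b64u(N.to_bytes(141, "big")), "e": "AQAB"}]}
def sign_demo(claims, kid="demo-1"):
    body = b64u(json.dumps({"alg": "RS256", "kid": kid}).encode()) + "." + b64u(json.dumps(claims).encode())
    s = pow(int.from_bytes(encoded_message(body.encode(), 141), "big"), D, N)
    return body + "." + b64u(s.to_bytes(141, "big"))

TOKEN = sign_demo({"sub": "a81f-internal-id", "preferred_username": "alice", "exp": 2000000000})
```

With the default claim the constructed token yields the opaque `sub` value; passing `username_claim="preferred_username"` yields `alice`, which is the case the second parameter in the comment is meant to cover.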
