[
https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Valdma updated JAMES-3455:
----------------------------------
Description:
We have an authentication service based on jwt tokens. We would like to use the
same token as the login to james jmap api, but in our case the emails dont
match the "sub" field in the jwt token. We are thinking of adding an additional
field like "email" to the jwt token and making a new configuration key for
james, that shows from which field to load the user's name.
Make it configurable, from which field the JwtTokenVerifier extracts the login
from the jwt token. I would propose a field "loginField" which defaults to
'sub' in the the JwtConfiguration class.
For example, in case of a jwt token content:
{code:java}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"email": "[email protected]"
}{code}
I'd set the "loginField" configuration as "email", then "[email protected]"
will be extracted as the login for the user.
was:
Make it configurable, from which field the JwtTokenVerifier extracts the login
from the jwt token. I would propose a field "loginField" which defaults to
'sub' in the the JwtConfiguration class.
For example, in case of a jwt token content:
{code:java}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"subjectEmail": "[email protected]"
}{code}
I'd set the "loginField" configuration as "subjectEmail", then
"[email protected]" will be extracted as the login for the user.
> Configurable login field in jwt token authentication.
> -----------------------------------------------------
>
> Key: JAMES-3455
> URL: https://issues.apache.org/jira/browse/JAMES-3455
> Project: James Server
> Issue Type: Wish
> Reporter: Andreas Valdma
> Priority: Minor
>
> We have an authentication service based on jwt tokens. We would like to use
> the same token as the login to james jmap api, but in our case the emails
> dont match the "sub" field in the jwt token. We are thinking of adding an
> additional field like "email" to the jwt token and making a new configuration
> key for james, that shows from which field to load the user's name.
> Make it configurable, from which field the JwtTokenVerifier extracts the
> login from the jwt token. I would propose a field "loginField" which
> defaults to 'sub' in the the JwtConfiguration class.
> For example, in case of a jwt token content:
> {code:java}
> {
> "sub": "1234567890",
> "name": "John Doe",
> "iat": 1516239022,
> "email": "[email protected]"
> }{code}
> I'd set the "loginField" configuration as "email", then "[email protected]"
> will be extracted as the login for the user.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
