[ https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Valdma updated JAMES-3455: ---------------------------------- Description: We have a production system that uses jwt tokens. We would like to use the same token as the login to james jmap api. Unfortunately the subject field in our JWT token has a different value than we want for our emails. We are thinking of adding an additional field like "email" to the JWT token and making a new configuration key for james, that shows from which field to load the user's name. Currently the username is read from the "sub" field. We propose making it configurable, from which field the JwtTokenVerifier extracts the login from the JWT token. I would propose a field "loginField" which defaults to 'sub' in the the JwtConfiguration class. For example, in case of a JWT token content: {code:java} { "sub": "1234567890", "name": "John Doe", "iat": 1516239022, "email": "abcdefg...@mail.com" }{code} I'd set the "loginField" configuration as "email", then "abcdefg...@mail.com" will be extracted as the login for the user. was: We have an authentication service based on JWT tokens. We would like to use the same token as the login to james jmap api as well as our own application backend, but in our case the emails don't match the "sub" field in the JWT token. We are thinking of adding an additional field like "email" to the JWT token and making a new configuration key for james, that shows from which field to load the user's name. Make it configurable, from which field the JwtTokenVerifier extracts the login from the JWT token. I would propose a field "loginField" which defaults to 'sub' in the the JwtConfiguration class. For example, in case of a JWT token content: {code:java} { "sub": "1234567890", "name": "John Doe", "iat": 1516239022, "email": "abcdefg...@mail.com" }{code} I'd set the "loginField" configuration as "email", then "abcdefg...@mail.com" will be extracted as the login for the user. > Configurable login field in jwt token authentication. > ----------------------------------------------------- > > Key: JAMES-3455 > URL: https://issues.apache.org/jira/browse/JAMES-3455 > Project: James Server > Issue Type: Wish > Reporter: Andreas Valdma > Priority: Minor > > We have a production system that uses jwt tokens. We would like to use the > same token as the login to james jmap api. Unfortunately the subject field in > our JWT token has a different value than we want for our emails. We are > thinking of adding an additional field like "email" to the JWT token and > making a new configuration key for james, that shows from which field to load > the user's name. Currently the username is read from the "sub" field. > We propose making it configurable, from which field the JwtTokenVerifier > extracts the login from the JWT token. I would propose a field "loginField" > which defaults to 'sub' in the the JwtConfiguration class. > For example, in case of a JWT token content: > {code:java} > { > "sub": "1234567890", > "name": "John Doe", > "iat": 1516239022, > "email": "abcdefg...@mail.com" > }{code} > I'd set the "loginField" configuration as "email", then "abcdefg...@mail.com" > will be extracted as the login for the user. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org For additional commands, e-mail: server-dev-h...@james.apache.org