[ 
https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andreas Valdma updated JAMES-3455:
----------------------------------
    Description: 
We have a production system that uses jwt tokens. We would like to use the same 
token as the login to james jmap api. Unfortunately the subject field in our 
JWT token has a different value than we want for our emails. We are thinking of 
adding an additional field like "email" to the JWT token and making a new 
configuration key for james, that shows from which field to load the user's 
name. Currently the username is read from the "sub" field.

We propose making it configurable, from which field the JwtTokenVerifier 
extracts the login from the JWT token. I would propose  a field "loginField" 
which defaults to 'sub' in the the JwtConfiguration class.

For example, in case of a JWT token content:
{code:java}
{
 "sub": "1234567890",
 "name": "John Doe",
 "iat": 1516239022,
 "email": "abcdefg...@mail.com"
}{code}
I'd set the "loginField" configuration as "email", then "abcdefg...@mail.com" 
will be extracted as the login for the user.

  was:
We have an authentication service based on JWT tokens. We would like to use the 
same token as the login to james jmap api as well as our own application 
backend, but in our case the emails don't match the "sub" field in the JWT 
token. We are thinking of adding an additional field like "email" to the JWT 
token and making a new configuration key for james, that shows from which field 
to load the user's name.

Make it configurable, from which field the JwtTokenVerifier extracts the login 
from the JWT token. I would propose  a field "loginField" which defaults to 
'sub' in the the JwtConfiguration class.

For example, in case of a JWT token content:
{code:java}
{
 "sub": "1234567890",
 "name": "John Doe",
 "iat": 1516239022,
 "email": "abcdefg...@mail.com"
}{code}
I'd set the "loginField" configuration as "email", then "abcdefg...@mail.com" 
will be extracted as the login for the user.


> Configurable login field in jwt token authentication.
> -----------------------------------------------------
>
>                 Key: JAMES-3455
>                 URL: https://issues.apache.org/jira/browse/JAMES-3455
>             Project: James Server
>          Issue Type: Wish
>            Reporter: Andreas Valdma
>            Priority: Minor
>
> We have a production system that uses jwt tokens. We would like to use the 
> same token as the login to james jmap api. Unfortunately the subject field in 
> our JWT token has a different value than we want for our emails. We are 
> thinking of adding an additional field like "email" to the JWT token and 
> making a new configuration key for james, that shows from which field to load 
> the user's name. Currently the username is read from the "sub" field.
> We propose making it configurable, from which field the JwtTokenVerifier 
> extracts the login from the JWT token. I would propose  a field "loginField" 
> which defaults to 'sub' in the the JwtConfiguration class.
> For example, in case of a JWT token content:
> {code:java}
> {
>  "sub": "1234567890",
>  "name": "John Doe",
>  "iat": 1516239022,
>  "email": "abcdefg...@mail.com"
> }{code}
> I'd set the "loginField" configuration as "email", then "abcdefg...@mail.com" 
> will be extracted as the login for the user.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: server-dev-unsubscr...@james.apache.org
For additional commands, e-mail: server-dev-h...@james.apache.org

Reply via email to