[
https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Valdma updated JAMES-3455:
----------------------------------
Description:
We have a production system that uses jwt tokens. Unfortunately the subject
field in our JWT token has a different value than we want for our emails. We
are thinking of adding an additional field like "email" to the JWT token and
making a new configuration key for james, that shows from which field to load
the user's name. Currently the username is read from the "sub" field.
We propose making it configurable, from which field the JwtTokenVerifier
extracts the login from the JWT token.
For example, in case of a JWT token content:
{code:java}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"email": "[email protected]"
}{code}
I'd set the "loginField" configuration as "email", then "[email protected]"
will be extracted as the login for the user.
was:
We have a production system that uses jwt tokens. Unfortunately the subject
field in our JWT token has a different value than we want for our emails. We
are thinking of adding an additional field like "email" to the JWT token and
making a new configuration key for james, that shows from which field to load
the user's name. Currently the username is read from the "sub" field.
We propose making it configurable, from which field the JwtTokenVerifier
extracts the login from the JWT token. I would propose a field "loginField"
which defaults to 'sub' in the the JwtConfiguration class.
For example, in case of a JWT token content:
{code:java}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"email": "[email protected]"
}{code}
I'd set the "loginField" configuration as "email", then "[email protected]"
will be extracted as the login for the user.
> Configurable login field in jwt token authentication.
> -----------------------------------------------------
>
> Key: JAMES-3455
> URL: https://issues.apache.org/jira/browse/JAMES-3455
> Project: James Server
> Issue Type: Wish
> Reporter: Andreas Valdma
> Priority: Minor
>
> We have a production system that uses jwt tokens. Unfortunately the subject
> field in our JWT token has a different value than we want for our emails. We
> are thinking of adding an additional field like "email" to the JWT token and
> making a new configuration key for james, that shows from which field to load
> the user's name. Currently the username is read from the "sub" field.
> We propose making it configurable, from which field the JwtTokenVerifier
> extracts the login from the JWT token.
> For example, in case of a JWT token content:
> {code:java}
> {
> "sub": "1234567890",
> "name": "John Doe",
> "iat": 1516239022,
> "email": "[email protected]"
> }{code}
> I'd set the "loginField" configuration as "email", then "[email protected]"
> will be extracted as the login for the user.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
