[
https://issues.apache.org/jira/browse/JAMES-3455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andreas Valdma updated JAMES-3455:
----------------------------------
Description:
We have a production system that uses jwt tokens. Unfortunately the subject
field in our JWT token has a different value than we want for our emails. We
are thinking of adding an additional field like "email" to the JWT token and
making a new configuration key for james, that shows from which field to load
the user's name. Currently the username is read from the "sub" field.
We propose making it configurable, from which field the JwtTokenVerifier
extracts the login from the JWT token.
For example, in case of a JWT token content:
{code:java}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"email": "[email protected]"
}{code}
I'd configure the login field as "email", then "[email protected]" will be
extracted as the login for the user.
was:
We have a production system that uses jwt tokens. Unfortunately the subject
field in our JWT token has a different value than we want for our emails. We
are thinking of adding an additional field like "email" to the JWT token and
making a new configuration key for james, that shows from which field to load
the user's name. Currently the username is read from the "sub" field.
We propose making it configurable, from which field the JwtTokenVerifier
extracts the login from the JWT token.
For example, in case of a JWT token content:
{code:java}
{
"sub": "1234567890",
"name": "John Doe",
"iat": 1516239022,
"email": "[email protected]"
}{code}
I'd configure the login field as "email", then "[email protected]" will be
extracted as the login for the user.
> Configurable login field in jwt token authentication.
> -----------------------------------------------------
>
> Key: JAMES-3455
> URL: https://issues.apache.org/jira/browse/JAMES-3455
> Project: James Server
> Issue Type: Wish
> Reporter: Andreas Valdma
> Priority: Minor
>
> We have a production system that uses jwt tokens. Unfortunately the subject
> field in our JWT token has a different value than we want for our emails. We
> are thinking of adding an additional field like "email" to the JWT token and
> making a new configuration key for james, that shows from which field to load
> the user's name. Currently the username is read from the "sub" field.
> We propose making it configurable, from which field the JwtTokenVerifier
> extracts the login from the JWT token.
> For example, in case of a JWT token content:
> {code:java}
> {
> "sub": "1234567890",
> "name": "John Doe",
> "iat": 1516239022,
> "email": "[email protected]"
> }{code}
> I'd configure the login field as "email", then "[email protected]" will
> be extracted as the login for the user.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
