-
Notifications
You must be signed in to change notification settings - Fork 4k
-
Notifications
You must be signed in to change notification settings - Fork 4k
Make TokenValidator extensible #1847
Comments
@leastprivilege thanks for opening this issue. I might be able to put sometime on this and create a PR in christmas period |
I need to know the use cases first. What's yours? |
Sorry for the late reply, |
OK - that's fine. You can do that with a custom token creation service. But why would you need a custom token validator? |
Oh I see - do you want to validate your encrypted id_tokens for signout? |
Is this your scenario? If you don't give me more information, we can't put it into the next release.. |
OK - since we didn't get a response. This will be postponed. I think ultimately I want to split up the validators for id_token, access token and refresh token - and a shared JwtValidator that can be replaced independently. |
Sorry for late reply. Thanks 🙏 |
You still haven't answered my question... |
Oh, Sorry :-( |
What is your workaround today?
|
For encryption I am using custom token creation service to create encrypted token |
Would you make that source code available so I can have a look? |
Yes, I will share the code tomorrow |
I also need I need to use JWE instead of JWT. The token creation is already there, just the validation is missing. In both classes by just adding something similar to a " |
maybe @bashiransari can show us his code? |
Can you post the code you are using for token creation? and also a prototype of how the validation would need to look like? |
This is my WIP for generating the JWE by extending the
Everything seem to be working properly in my testing. |
Hi,
This is not a perfect solution it would be better if the client sends its own clientId as a query string parameter but I didn't want to use HttpContextAccessor in TokenValidator directly, I think the caller classes like EndSessionRequestValidator (
|
I think there are better solution to this. Something we need to figure out first. Given that this requires some more research, and we have other higher priority issues right now - we have no plans right now to support encryption built-in. If your company needs that feature built-in, they can sponsor us and we can work out something. |
please see my example implementations : https://github.com/DureSameen/IdentityServer4.JWE |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
to support other JWT libs and e.g. JWE
The text was updated successfully, but these errors were encountered: