Comments (6)
@chpapa @fungc-io Good, I will work on that!
from docs.
Product-design wise, feel more and more like we should make it really simple to add different claims to the JWT access token. Thoughts?
Agree. Opened authgear/authgear-server#3296
@chpapa @fungc-io The following pages (Backend integration, and JWT validation in your application server) have been updated according to the GitHub issue:
https://docs.authgear.com/get-started/backend-api/backend-integration
https://docs.authgear.com/get-started/backend-api/jwt#check-the-validity-of-jwt
@louischan-oursky Correct me if I'm wrong.
The auth_time exists in the ID token but not in the JWT, so the backend server cannot use the auth_time to "validate" the JWT.
Rather, it can be used to ensure the client has just authenticated recently, if the API call includes the ID token in it. But this is not included in the JWT. The developer doesn't need to include the ID token in every request; they can use the exp to validate the request, given they have set up a short enough JWT lifetime.
If the sensitive API requires recency < the JWT lifetime, they should use the auth_time in the ID token instead.
- I think normal OIDC practices shouldn't include the ID token, which has an explicit aud for the client, to the API resources - so if auth_time is expected to be the way for the API backend to validate that the login session is recent enough, I think the right way should be to put that into the access token (JWT) as well? (Similar to the common use case of role)
Product-design wise, feel more and more like we should make it really simple to add different claims to the JWT access token. Thoughts?
Yeah, interesting problem. I wrote it just based on my knowledge of the Reauthentication process:
https://docs.authgear.com/how-to-guide/authenticate/reauthentication
I came across this use case from Auth0 using OIDC prompt=login param to force reauthentication.
https://auth0.com/docs/authenticate/login/max-age-reauthentication