Comments (2)
cfryanr
commented on June 16, 2024
I wonder if common application libraries (e.g. Spring) would know how to interpret an Authorization header that looks like this?
Authorization: Bearer <access_token> <id_token>
Perhaps something to try.
In addition to checking common libraries, we would also need to make sure that Istio's authn jwt token checking filter also supports this.
If they do, then when the user configures both header configuration options to be the same, then perhaps the authservice could use this format instead of erroring out.
from authservice.
nickrmc83
commented on June 16, 2024
My feeling with this one is to put each token in separate cookies and headers so that we do not have to worry about breaking the size limits of those fields.
I'm also thinking that the access token is an opt-in whilst we always include the id_token. I'm assuming that we provide the capability to define the name of both the cookie returned to the browser as well as the header that we forward the access token.
Thoughts?
from authservice.
Related Issues (20)
- Make it possible to build FIPS authservice image. HOT 2
- authservice pod never reaches ready state HOT 3
- Create authservice 0.5.0 release HOT 1
- Example: jwks_fetcher: Cannot find field HOT 2
- support for oidc client_assertion as one of the client authentication methods HOT 2
- "Retrieve token: invalid form" in a loged-in session window. HOT 4
- Websocket connections not possible because '/path?access_token=<JWT>' not handled in ODIC filter
- Feature Request - Support Redis TTL HOT 1
- integration with ADFS fails due to unable to shutdown connection for ssl stream HOT 2
- Better connection management for http host
- Concurrency Issues HOT 1
- Doc/example desired for trigger_rules
- Performance issues under minimal load
- HTTP Redirects end up with lost token information HOT 3
- Redis error during high traffic times
- How to set the client secret from an existing kubernetes secret? HOT 1
- Question on implementing multitenancy with istio/keycloak/authservice HOT 1
- Other flows particularly client credentials flow(machine2machine) HOT 1
- Does authservice only works for SPA app or can work for server side calls from client?
- Failed to login, get "Oops, your session has expired. Please try again." HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from authservice.