Comments (4)
zandbelt
commented on June 15, 2024
1
Indeed there's common data in both tokens but some fields are only present in either. Such as the email since it's not required for authorization.
you should need to do only one of those
Is there a specific reason or is it a best practice ?
it is just that I see no reason: if you're going to include identity data in the access token anyway, leaving out the email address seems arbitrary
from mod_oauth2.
zandbelt
commented on June 15, 2024
firstly I'd say that you should need to do only one of those because it would/should render the same data; If for some reason you'd still need to consume both, the only solution is to configure token verification of one token on a specific path and then proxy internally to a different path that verifies the second token
from mod_oauth2.
hollowshiroyuki
commented on June 15, 2024
Indeed there's common data in both tokens but some fields are only present in either. Such as the email since it's not required for authorization.
you should need to do only one of those
Is there a specific reason or is it a best practice ?
from mod_oauth2.
hollowshiroyuki
commented on June 15, 2024
Unfortunately, I don't have control on which data is included in which token, Amazon chose to put authorization related data in one and identity related data in the other
from mod_oauth2.
Related Issues (20)
- Trouble setting up on Centos 7 HOT 6
- How to Rewrite HTTP_AUTHORIZATION header with claims from token? HOT 1
- Exp not being honored properly for jwk HOT 4
- open Discussions like in mod_auth_openidc... HOT 1
- Please add support for RH8 HOT 1
- Fatal error: httpd.h when compile HOT 2
- Can't locate API module structure 'mod_oauth2' HOT 16
- 401 error when network hiccups HOT 23
- Outgoing_proxy not taken in account HOT 7
- How to match scope value made up of multiple words HOT 13
- Occasional core dump under high load HOT 1
- Cache value size is too large HOT 1
- Export access token claims HOT 2
- Can you please provide builds for jammy / Ubuntu 22.04 ? HOT 1
- Segmentation fault when request is proxied without Authorization header. HOT 4
- Access control <RequireAny> sets WWW-Authenticate header - insufficient_scope HOT 4
- oauth2: token could not be verified even with a valid token HOT 5
- mod_oauth2 3.3.1 does not install on fedora 37 HOT 5
- How to set a password for redis caching? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mod_oauth2.