[Feature Request] - Allow payload definition for JWT schema
See original GitHub issueIs your feature request related to a problem?
Yes. The clients will be able to know what they expect within the payload of the JWT. It will save time to parse the payload on the client-side.
Describe the solution you’d like
In the security schemas sections, the developer should be able to provide the JWT payload as another sub-schema. Something like:
securitySchemes:
AppJwt:
type: http
scheme: bearer
bearerFormat: JWT
payload: '#/components/schemas/AppJwtPayload'
schemas:
AppJwtPayload:
type: object
properties:
userId:
type: string
Thanks.
Issue Analytics
- State:
- Created 4 years ago
- Reactions:14
- Comments:10 (7 by maintainers)
Top Results From Across the Web
JSON Web Token Introduction - jwt.io
The second part of the token is the payload, which contains the claims. Claims are statements about an entity (typically, the user) and...
Read more >JSON Web Token Structure - Auth0
JWS payload (set of claims): contains verifiable security statements, such as the identity of the user and the permissions they are allowed.
Read more >JWT: The Complete Guide to JSON Web Tokens
A Step-by-Step Guide for learning JSON Web Tokens, including signatures, single page web application User Authentication and Session ...
Read more >JSON web token (JWT) validation - Akamai TechDocs
JSON web token (JWT) validation maximizes identity provider offload and lets you authorize users who send requests to your API. You can enable...
Read more >JSON Web Token (JWT) Authentication Scheme (Release ...
During authorization, access to application 1 is allowed by generating SMSESSION as the claim value matches in the expression. If user accesses ...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@DavidePastore I think we should find a suitable way to extend the SecurityScheme. I spent some time trying to do it with mutualTLS but without great results 😃 I’d start reading some of the issues https://github.com/OAI/OpenAPI-Specification/search?q=securityschemes&type=issues and once there’s a proposal we can ping the other folks.
Thanks @jdesrosiers! The point now is how to associate the JWT syntax to a securityScheme.