Support JWT as an Authorization Grant for client
This feature will partially implement JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants.
Section 2.1, Using JWTs as Authorization Grants, will be the focus of this feature implementation.
A JWT Bearer Token can be used to request an access token when a client wishes to utilize an existing trust relationship, expressed through the semantics of the JWT, without a direct user-approval step at the authorization server.

One of the primary use cases for using a JWT as an authorization grant is to exchange it for another JWT (at the Token Endpoint) with narrowed scope. This is useful when a service (a) wants to call another downstream service (b) with only the scope that service (b) understands (supports).
NOTE: This ticket addresses client-side support only.
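The exchange described above, written out end to end as an added example (this is not Spring Security code and not part of the original issue). The client half is what this ticket is about: the form body sent to the token endpoint with `grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer` and the existing JWT as the `assertion`. The server half is a toy authorization server included only so the narrowing is visible: it checks the assertion's signature, `iss`, `sub`, `aud` and `exp`, then issues a new token whose scope is the intersection of what was requested, what the incoming JWT carried, and what downstream service (b) supports. Assumptions: a shared HS256 key (a real deployment registers an asymmetric key with the authorization server and uses RS256/ES256), the constructed audience `https://as.example/token`, and the constructed scope sets.

```python
import base64
import hashlib
import hmac
import json

# grant_type value from RFC 7523 section 2.1
JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
# constructed values for this example only
KEY = b"shared-hmac-key-for-demo-only"
AS_AUDIENCE = "https://as.example/token"
SERVICE_B_SCOPES = {"read", "write", "profile"}   # what service (b) understands


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Compact HS256 JWT. Assumption: symmetric key shared with the authorization server."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_jwt(token: str, key: bytes) -> dict:
    """Verify the signature (pinning the expected alg) and return the claims."""
    header, body, sig = token.split(".")
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(body))


def build_token_request(assertion: str, scope: str) -> dict:
    """Client side: form parameters for the token endpoint (RFC 7523 section 2.1)."""
    return {"grant_type": JWT_BEARER, "assertion": assertion, "scope": scope}


def token_endpoint(form: dict, key: bytes, expected_aud: str, downstream_aud: str,
                   supported_scopes: set, now: int) -> dict:
    """Toy authorization server: validate the assertion, then issue a narrowed token."""
    if form.get("grant_type") != JWT_BEARER:
        return {"error": "unsupported_grant_type"}
    try:
        claims = verify_jwt(form["assertion"], key)
    except (ValueError, KeyError):
        return {"error": "invalid_grant", "error_description": "assertion not verifiable"}
    for required in ("iss", "sub", "aud", "exp"):
        if required not in claims:
            return {"error": "invalid_grant", "error_description": f"missing {required}"}
    if claims["aud"] != expected_aud:   # assertion must be addressed to this token endpoint
        return {"error": "invalid_grant", "error_description": "audience mismatch"}
    if claims["exp"] <= now:
        return {"error": "invalid_grant", "error_description": "assertion expired"}
    requested = set(form.get("scope", "").split())
    carried = set(claims.get("scope", "").split())
    # Narrowing: never wider than the incoming JWT, and only what service (b) supports.
    narrowed = requested & carried & supported_scopes
    if not narrowed:
        return {"error": "invalid_scope"}
    scope = " ".join(sorted(narrowed))
    access_token = make_jwt({"iss": expected_aud, "sub": claims["sub"], "aud": downstream_aud,
                             "scope": scope, "exp": now + 300}, key)
    return {"access_token": access_token, "token_type": "Bearer", "expires_in": 300, "scope": scope}


def demo_exchange(requested_scope: str = "read write", aud: str = AS_AUDIENCE,
                  exp_offset: int = 60, now: int = 1_700_000_000) -> dict:
    """Service (a) holds a JWT with broad scope and swaps it for a narrower one for service (b)."""
    incoming = make_jwt({"iss": "https://idp.example", "sub": "user-42", "aud": aud,
                         "scope": "read write admin", "exp": now + exp_offset}, KEY)
    request = build_token_request(incoming, requested_scope)
    return token_endpoint(request, KEY, AS_AUDIENCE, "https://service-b.example",
                          SERVICE_B_SCOPES, now)


if __name__ == "__main__":
    print(json.dumps(demo_exchange(), indent=2))
```

Note that `admin` never reaches service (b) even though the incoming JWT carried it and `profile` is not granted because the incoming JWT did not carry it; a wrong `aud` or an expired assertion is rejected with `invalid_grant` before any scope logic runs.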
Issue Analytics
- Created 5 years ago
- Reactions: 11
- Comments: 19 (12 by maintainers)
I’m aware of these uses in the wild:
Other participants in the FastFed WG include SailPoint, Microsoft, Google, AWS, Yahoo, ADP, Ping, Okta, so I would expect broader adoption through 2020 and 2021.
@H-LREB Yes indeed. FYI I just searched the keycloak source code (server and client) for jwt-bearer and there is only the assertion, so `urn:ietf:params:oauth:grant-type:jwt-bearer` may not be supported?

Thanks for the info on gh-8175 - that is the one I’m interested in 😄.