Story #7516

Include standard claim fields in JWT auth token

Added by Ben Leinfelder almost 9 years ago. Updated almost 9 years ago.

Status: Closed
Priority: Normal
Assignee: Ben Leinfelder
Category: Authentication, Authorization
Target version:
Start date: 2015-12-07
Due date:
% Done: 100%
Story Points:
Sprint:

Description

Lauren noticed that our "ttl" field was incorrectly using millisecond values, greatly inflating the duration that a token would be considered valid. Upon further research, I see that there are many "registered claim names" that we should probably be using instead of those that were required by the AnnotatorJS library that first led us to use JWTs. https://tools.ietf.org/html/rfc7519#section-4.1

I propose updating our JWT issuing and interpretation code to use these standard fields as well as include the custom fields required by AnnotatorJS.

Note that this is a substantial change even if only a few lines of code will actually be altered.


Subtasks

Task #7517: Update token generation to include standard claim fields (Closed, Ben Leinfelder)

Task #7518: Update token interpretation library to use standard fields (Closed, Ben Leinfelder)

Task #7519: Update documentation for clients and services that will utilize auth tokens (Closed)

Task #7520: Update MNs (Metacat) to use newer portal library to correctly interpret auth tokens (Closed)

Task #7521: Update other CN libraries that use the d1_portal token code (Closed)

History

#1 Updated by Ben Leinfelder almost 9 years ago

  • Status changed from New to In Progress
  • % Done changed from 0 to 30

Mostly done with the development work on this. But should be reviewed when documentation is updated and test server has changes deployed to it.

#2 Updated by Ben Leinfelder almost 9 years ago

  • Status changed from In Progress to Testing
  • % Done changed from 30 to 50

Deploying on cn-sandbox-2 for UI testing. Can do other environments too if needed.

#3 Updated by Ben Leinfelder almost 9 years ago

  • Status changed from Testing to Closed
  • % Done changed from 50 to 100

#4 Updated by Chris Jones almost 9 years ago

I'd agree that we should include the standard claim names in the tokens. It's nice that they've standardized a bunch of useful fields, and our interoperability will be better if we populate them. +1
