-
Notifications
You must be signed in to change notification settings - Fork 420
Extra features and functionality for next major version, from other RFCs relating to JWT or for exported helper functions #460
-
If there is a more appropriate place to discuss this, please let me know and I'll move the discussion / delete this post. Thanks!
Hi,
The current implementation supports the main JWT RFC (RFC7519) - moving foward for the next version, is there any interest in adding functionality from other RFCs?
Such as;
Also, within this library there are currently some defined Claims types (MapClaims, RegisteredClaims) - would there be interest in adding more Claim types for supporting specific token types, such as OIDC tokens, Access Tokens etc? I expect that if this was agreed, it would only be the types that are backed by a corresponding accepted RFC
Example for OIDC Access Token (RFC9068)
https://datatracker.ietf.org/doc/html/rfc9068#name-requesting-a-jwt-access-tokHeader:
{"typ":"at+JWT","alg":"RS256","kid":"RjEwOwOA"}Claims:
{
"iss": "https://authorization-server.example.com/",
"sub": "5ba552d67",
"aud": "https://rs.example.com/",
"exp": 1639528912,
"iat": 1618354090,
"jti" : "dbe39bf3a3ba4238a513f51d6e1691c4",
"client_id": "s6BhdRkqt3",
"scope": "openid profile reademail"
}Reasoning for the additional custom tokens: it may make it easier for users to access the values in those tokens, without having to create their own custom type each time and embed a Claims type, or type switch over the MapClaims result.
Beta Was this translation helpful? Give feedback.