idea: declarative token validation #31

bobbyrullo · 2015-08-17T18:19:57Z

Issue by sym3tri
Tuesday Jun 30, 2015 at 19:45 GMT
Originally opened as https://github.com/coreos-inc/auth/issues/281

I've encountered jwt claim parsing/validation code very frequently. Just an idea, but maybe we create a generic way to declaratively "validate" tokens by ensuring a set of claims/values. I kinda want a function I can call like:

var (
  ErrorClaimMissing = ...
  ErrorClaimMatchFailure = ...
  ErrorClaimCheckInvalidType = ...
  ...
)

type ClaimCheck struct {
  name string
  value interface{} // must be a supported claim type
}

wantClaims := []ClaimCheck{
  // no value, just checks for existence
  ClaimCheck {
    name: "email",
  },
  // existence & equality check
  ClaimCheck {
    name: "aud",
    value: "some-clien-id",
  },
}

valid, err := jwt.HasExpected(wantClaims)
...

Thoughts?

ericchiang · 2016-11-09T07:36:19Z

Dex no longer does any ID Token validation. Would be better for go-oidc.

bobbyrullo added kind/cleanup priority/Pmaybe labels Nov 4, 2015

ericchiang closed this as completed Nov 9, 2016

palexster pushed a commit to palexster/dex that referenced this issue Nov 9, 2023

fix: export custom claims translation (dexidp#31)

d14abf1

palexster pushed a commit to palexster/dex that referenced this issue Nov 9, 2023

fix: export custom claims translation (dexidp#31)

da546a7

palexster pushed a commit to palexster/dex that referenced this issue Nov 9, 2023

fix: export custom claims translation (dexidp#31)

0043000

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

idea: declarative token validation #31

idea: declarative token validation #31

bobbyrullo commented Aug 17, 2015

ericchiang commented Nov 9, 2016

idea: declarative token validation #31

idea: declarative token validation #31

Comments

bobbyrullo commented Aug 17, 2015

ericchiang commented Nov 9, 2016