Subscribe for automatic updates: RSS icon RSS

Login icon Sign in for full access | Help icon Help
Advanced search

Pages: [1]
  Reply  |  Print  
Author Topic: scope element of the JWT - GIP  (Read 10729 times)
Lu?s T.
Posts: 39


« on: May 10, 2022, 06:25:50 pm »

Hi,
We are using Genero Identity Provider and, when requesting an access token, the payload of the Jason Web Token (JWT) the scopes come in a lement called "scopes":
Code:
{
  "sub": "1",
  "exp": 1652111693,
  "nbf": 1652111093,
  "iat": 1652111093,
  "iss": "http://apaxsys004:6394/ws/r/services/GeneroIdentityProvider",
  "aud": "91FEFA49-9317-4723-BC5B-202B5D72E04B",
  "scopes": [
    "query"
  ]
}
All other Authorization Server I tested call the element "scope" (singular), and in every documentation I found, it was singular also. Should I make an exception for GIP or it was a mistake that you will correct?
Thanks

Lu?s T.
Posts: 39


« Reply #1 on: May 11, 2022, 10:59:28 am »

With further investigations I noticed that, not only the scopes element is named differently ("scopes" instead "scope"), but it is a list of strings instead a string of blank separated words, as it says in the specification:
Frank G.
Four Js
Posts: 48


« Reply #2 on: May 11, 2022, 11:45:26 am »

Hi,

 The "scope" or "scopes" parameter in the JWT token is not a standard. Standards are : https://fr.wikipedia.org/wiki/JSON_Web_Token .

In Genero, the "scopes" is mainly used in an access token, to grant access to a REST service or not. It is the IdP that has delivered that token that is in charge to verify it or to provide a library doing the job. In Genero, this is managed by the GeneroAccessService.xcf .

Do you have any issue using Genero libraries with GIP ? What do you want to achieve exactly ?

Regards,
Frank
Lu?s T.
Posts: 39


« Reply #3 on: May 12, 2022, 10:15:51 am »

Hi Frank,
Thanks for your answer.

What we are developing in our REST services is a OAuth generic support that allows our clients choose to use any IdP of his own or our own IdP (GIP).
That's why we are worrying about standards which I found in the following link: https://datatracker.ietf.org/doc/html/rfc8693#section-4.2.
In any case I can handle this situation, considering a special case when if the token's issuer is the Genero IdP.

Regards
Luis
Reuben B.
Four Js
Posts: 1116


« Reply #4 on: May 16, 2022, 10:05:59 am »

Hi Luis,

Note that the GIP sources can be found in $FGLDIR/web_utilities/services/gip/src

You can take a copy and modify to meet your requirements.  Just be aware that in doing so, you are then responsible for ongoing maintenance etc.  You may find this preferable to having an IF Genero IdP THEN do something different ...

Reuben

Product Consultant (Asia Pacific)
Developer Relations Manager (Worldwide)
Author of https://4js.com/ask-reuben
Contributor to https://github.com/FourjsGenero
Lu?s T.
Posts: 39


« Reply #5 on: May 16, 2022, 10:47:26 am »

Thanks Reuben
I opted to trear GIP as special case whene acessing the scopes.
It's better than changing and mantaing the GIP sources
Best Regards
Luis
Frank G.
Four Js
Posts: 48


« Reply #6 on: June 03, 2022, 09:55:12 am »

Hi Luis,

 Just to keep you informed, we will support the "scope" parameters in ID and Access token in further Genero releases. As there are other IDPs working this way, we want to be as much compatible as possible. I have registered GIP-123 and GWS-1175.

Regards,

Frank
Pages: [1]
  Reply  |  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines