[mitreid-connect] JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants
Luiz Omori
luiz.omori at duke.edu
Thu Jul 30 15:46:21 EDT 2015
Hi,
We have an use case for exchanging a JWT by an access_token, exactly how is described by JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication and Authorization Grants (http://tools.ietf.org/html/rfc7523). Basically SSO for us. We did some prototyping replacing the defaultOAuth2AuthorizationCode by a class that extends it and also recognizes trusted JWTs (consumerAuthorizationCode). The parameters necessary to create an OAuthAuthentication object are coming from from the trusted JWT and application registration DB. This appears to be working as expected, the only thing is that the grant_type has to be "code" instead of "urn:ietf:params:oauth:grant-type:jwt-bearer" as defined in the RFC for this flow.
Thoughts? Any plans to support this grant type?
Regards,
Luiz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20150730/4017cf2a/attachment.htm
More information about the mitreid-connect
mailing list