[ https://issues.apache.org/jira/browse/SLING-13024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18042490#comment-18042490 ]
Nicola Scendoni commented on SLING-13024:
-----------------------------------------
My proposal is to implement the following features:
# Support for [JWT Web Tokens|https://datatracker.ietf.org/doc/html/rfc7519]
# Optional support for [JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens|https://datatracker.ietf.org/doc/html/rfc9068]
# Caching of valid Access Tokens
# Configuration if validation should be online or offline
# Optionally call UserInfo endpoint to retrieve the user profile
# Mandatory list of accepted client IDs
# Mandatory list of requested scopes
# Mandatory list of accepted audiences
# IT Test
> Access Token Authentication handler
> -----------------------------------
>
> Key: SLING-13024
> URL: https://issues.apache.org/jira/browse/SLING-13024
> Project: Sling
> Issue Type: Improvement
> Reporter: Nicola Scendoni
> Priority: Major
>
> Currently we have an OIDC Authentication Handler for Authorization Code Flow.
> This allows users to authenticate to Sling. We may have other use cases where
> a user already authenticated with an IdP needs to access resources stored
> in Sling.
> We need an Authentication Handler that validates the token and performs an
> authentication of the user that issued the token.
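
An offline validation pass over the three mandatory lists from the proposal (accepted client IDs, required scopes, accepted audiences), as an added example that is not Sling code and not part of the issue. It is written in Python so it runs stand-alone. Assumptions: the function names are hypothetical, "requested scopes" is read as scopes the token must carry, and the sample token is signed with a constructed HS256 key where a real IdP would normally publish an asymmetric key.

```python
import base64, hashlib, hmac, json, time

def b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key, typ="at+jwt"):
    """Constructed HS256 sample token, standing in for the IdP."""
    head = b64e(json.dumps({"alg": "HS256", "typ": typ}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def validate(token, key, issuer, audiences, client_ids, scopes, now=None):
    """Return the claims if every check passes, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64d(head))
        sig_raw = b64d(sig)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server side; the header only has to match it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    # RFC 9068 access tokens carry typ "at+jwt"; this rejects ID tokens.
    if str(header.get("typ", "")).lower() not in ("at+jwt", "application/at+jwt"):
        raise ValueError("not an access token")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig_raw, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))  # parsed only after the signature checks out
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("expired")
    aud = claims.get("aud")  # RFC 7519: a single string or an array of strings
    aud = {aud} if isinstance(aud, str) else set(aud or [])
    if not aud & set(audiences):
        raise ValueError("audience not accepted")
    if claims.get("client_id") not in client_ids:
        raise ValueError("client not accepted")
    # "scope" is a space-delimited string; every required scope must be present.
    if not set(scopes) <= set(str(claims.get("scope", "")).split()):
        raise ValueError("missing scope")
    return claims
```

Caching of valid tokens, as listed in the proposal, would sit in front of `validate` and must not keep an entry past the token's `exp`.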