Use configured required claims to verify OIDC introspection responses #43975

sschellh · 2024-10-19T06:12:50Z

Description

When using quarkus-oidc and the bearer access token is opaque/binary and is remotely introspected/verified by the OIDC provider, then the properties in the introspection response are not handled the same ways as the claims in JWT access token.

This results in properties like quarkus.oidc.token.required-claims.realm=value not being honored, if access token is opaque.

Implementation ideas

No response

The text was updated successfully, but these errors were encountered:

quarkus-bot · 2024-10-19T06:12:53Z

/cc @pedroigor (oidc), @radcortez (config), @sberyozkin (oidc)

sschellh added the kind/enhancement New feature or request label Oct 19, 2024

quarkus-bot bot added the area/config label Oct 19, 2024

quarkus-bot bot added the area/oidc label Oct 19, 2024

sberyozkin self-assigned this Oct 19, 2024

radcortez removed the area/config label Oct 20, 2024

sberyozkin mentioned this issue Oct 29, 2024

Apply the required claims restriction to OIDC introspections #44170

Merged

sberyozkin closed this as completed in #44170 Oct 29, 2024

quarkus-bot bot added this to the 3.17 - main milestone Oct 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use configured required claims to verify OIDC introspection responses #43975

Use configured required claims to verify OIDC introspection responses #43975

sschellh commented Oct 19, 2024

quarkus-bot bot commented Oct 19, 2024

Use configured required claims to verify OIDC introspection responses #43975

Use configured required claims to verify OIDC introspection responses #43975

Comments

sschellh commented Oct 19, 2024

Description

Implementation ideas

quarkus-bot bot commented Oct 19, 2024