OF-2101: JWTAuthProvider for authenticating with Json Web Token #1703
mightymop commented Sep 15, 2020
- login with user & token
- token will be checked for
- set JWT Secret String in OF SystemProperties (used for validating jwt signature)
sync upstream
sync with upstream
merge upstream into fork
upstream update from master
merge upstream
This pull request introduces 1 alert when merging 0d98251 into 6229c5d - view on LGTM.com new alerts:
This is an exciting new feature to add! However, especially since it's security related, I'd prefer to see both:
Can you add those?
I've created this issue in JIRA to track this new feature: https://issues.igniterealtime.org/browse/OF-2101

There are a lot of commits in this PR. If you would not mind squashing them, can you add "OF-2101" to a commit message? That way, automation will link the JIRA issue to these commits.
I have added comments and javadoc and cleaned up the code...
- login with user & token
- token will be checked for
  > "subject" (same as user and will be used for user search)
  > expiration date
  > issuer must be same as configured in OF SystemProperties
- set JWT Secret String in OF SystemProperties (used for validating jwt signature)
- or set a certificate for validating via public key
- add javadoc and comments
- clean up code
- removed unused dependency
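The checks listed in the commit message above (signature with a shared secret, expiration, issuer, subject equal to the login user), as an added example that is not code from this pull request or from Openfire. It covers only the shared-secret HS256 case, pins the algorithm before verifying (a step the description does not list), and the names `make_token`, `verify_login` and all sample values are assumptions.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 token so the example has sample input."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def verify_login(username, token, secret, expected_issuer, now=None):
    """Return (ok, reason) for a login attempt with user name and token."""
    now = time.time() if now is None else now
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64, bad JSON
        return False, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "malformed"
    # Pin the algorithm: never let the token choose "none" or another scheme.
    if header.get("alg") != "HS256":
        return False, "algorithm"
    # Verify the signature before trusting any claim; compare in constant time.
    expected = hmac.new(secret, f"{head_b64}.{body_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False, "signature"
    # A missing or non-numeric "exp" is rejected, not treated as "never expires".
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired"
    if claims.get("iss") != expected_issuer:
        return False, "issuer"
    # The subject must be the account that is logging in.
    if claims.get("sub") != username:
        return False, "subject"
    return True, "ok"
```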
I'm very interested in having this in Openfire, but I'd like to go over this in more detail than what I am comfortable with prior to the upcoming 4.6.0 release. Let's aim to include this in 4.7.
@deleolajide You know about this PR? I wonder if this Auth-Provider may also be used for OFmeetings/Pàdé?

I got this idea from a German school, which is using (at the moment) plain Jitsi and a self-made, web-based central class schedule application. After logging in to this, each pupil gets an individual timetable with lessons, tasks and tests, with identification based on JWTs. For a common virtual classroom session, one just has to follow the link and will be dropped into the right room. And the JWT in this link isn't usable for other times or other rooms, and the teacher can be comparably sure that the user of the link is "this" pupil.

If OpenFire/OpenMeetings is used in a business context, this might also be used to provide "foreign tickets" to any session with different restrictions as needed (timeslot-based, room-based).
This pull request introduces 3 alerts when merging 7fea70c into 81096dc - view on LGTM.com new alerts: