Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement built-in delegation/impersonation support (RFC8693) #1249

Open
kevinchalet opened this issue Apr 25, 2021 · 8 comments
Open

Implement built-in delegation/impersonation support (RFC8693) #1249

kevinchalet opened this issue Apr 25, 2021 · 8 comments
Assignees
@kevinchalet
Labels
enhancement server stack

Comments

@kevinchalet
Copy link
Member

kevinchalet commented Apr 25, 2021
edited

The OAuth 2.0 token exchange specification - originally known as "OAuth 2.0 Token Exchange: an STS for the REST of us" - was finally standardized last year.

Note: OpenIddict 3.0 already supports the requirements brought by this specification (like being able to set multiple audience or resource parameters, which was explicitly disallowed in the original OAuth 2.0 specification), as they were already part of ASOS 2.0 and OpenIddict 2.0.

RFC: https://tools.ietf.org/html/rfc8693
@kevinchalet kevinchalet added this to the 4.0.0-preview1 milestone Apr 25, 2021
@kevinchalet kevinchalet self-assigned this Apr 25, 2021
@kevinchalet kevinchalet removed this from the 4.0.0-preview1 milestone Apr 26, 2021
@ahanoff
Copy link
Contributor

ahanoff commented May 25, 2021

hi @kevinchalet, could you please explain how far this feature from completion and what is required to complete it? I most likely need this in my project soon, would be great if it supported out of the box in this awesome project

@a-a-k
Copy link

a-a-k commented May 30, 2022
edited

still no milestone?

@kevinchalet
Copy link
Member Author

The work required to implement delegation support was supposed to be funded by a company but they changed their mind and opted for a different approach so it's no longer on top of the list.

@a-a-k
Copy link

a-a-k commented May 31, 2022

@kevinchalet oh, I see. Could you tell, how much is it if our company decided to sponsor that, and what ETC would be then?

@kevinchalet kevinchalet mentioned this issue Aug 1, 2022
Closed
1 task
@mzros
Copy link

mzros commented Jul 28, 2023

any news on this?

@kevinchalet
Copy link
Member Author

@mzros nothing planned in the short term. That said, the demand is growing so I may consider implementing it at some point (maybe as a paid/sponsors-only feature?)

@codymullins
Copy link

@kevinchalet I'm adding this support to our local version, at least the delegated / composite token. If there's interest, I'm happy to PR this later on.

{
  "iss": "https://localhost:7243/",
  "exp": 1709912220,
  "iat": 1709908620,
  "jti": "bd5e0594-716e-43e2-b9e2-893970408a64",
  "sub": "01HRF356DTZ1WFNR980P05B228",
  "act": {
    "sub": "console"
  },
  "oi_prst": "console",
  "client_id": "console",
  "oi_tkn_id": "e303d0dd-1519-4acf-b3f0-9e459e76f780"
}

@kevinchalet
Copy link
Member Author

@codymullins thanks for reaching out! A company offered to fund that: it's very recent and we're still discussing the details (e.g it's still unclear whether they want/need support in the client stack).

I'll let you know how it goes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kevinchalet kevinchalet

Labels
enhancement server stack
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@codymullins @ahanoff @a-a-k @kevinchalet @mzros