[Galene] Help with JWT - Juliusz Chroboczek

Galène videoconferencing server discussion list archives
 help / color / mirror / Atom feed

From: Juliusz Chroboczek <jch@irif.fr>
To: galene@lists.galene.org
Subject: [Galene] Help with JWT
Date: Tue, 26 Oct 2021 21:12:02 +0200	[thread overview]
Message-ID: <871r471tz1.wl-jch@irif.fr> (raw)

I'm currently working on third-party authentication for Galene using JWTs
("OAuth2" for those of you who like fancy enterprise acronyms), and I need
some help from people familiar with JWTs.

1. The username should be stored in "aud", right?

2. The group name should be stored in "sub", right?  Should that be the
   naked group name, or the full URL ?

3. Where do I stash the permissions granted to the user?  Should I use
   a "collision-resistant" claim name, say "https://galene.org/permissions",
   or is it enough to just use "permissions"?  Perhaps "galene-permissions"?

4. I'm planning to implement HS256 and ES256.  We good?

-- Juliusz

next             reply	other threads:[~2021-10-26 19:12 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-26 19:12 Juliusz Chroboczek [this message]
2021-10-26 19:47 ` [Galene] " Michael Ströder
2021-10-26 21:10   ` Juliusz Chroboczek
     [not found] ` <a4ed9394-4515-ca8a-929c-0b7175a58c10@crans.org>
2021-11-03 19:10   ` graillot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://lists.galene.org/postorius/lists/galene.lists.galene.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=871r471tz1.wl-jch@irif.fr \
    --to=jch@irif.fr \
    --cc=galene@lists.galene.org \
    --subject='Re: [Galene] Help with JWT' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox