feat: add JTI validation feature #4560

Merged

Conversation

paullatzelsperger
Member

@paullatzelsperger paullatzelsperger commented Oct 18, 2024

What this PR changes/adds

Adds a feature to validate the uniqueness of Token-IDs ("jti"). To do that, a JtiValidationStore class was implemented (in-mem + SQL) that holds valid JTI strings and is cleaned up periodically by a reaper thread.

Store implementations for in-mem and SQL were added.

Why it does that

To be able to validate JTI claims.

Further notes

  • the token-core module should be split up into a token-core module (containing the extension) and a token-lib module (containing the rules, in-mem store, and other impls etc.). This will come in a subsequent PR (Remove references to core:common:token-core #4389), I didn't want to blow the changeset up even more.
  • Token-IDs are recorded in the EmbeddedSecureTokenService, but are validated in the AccessTokenVerifierImpl of IdentityHub. A related PR will be created shortly.

Linked Issue(s)

Closes #3749

Please be sure to take a look at the contributing guidelines and our etiquette for pull requests.
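
A minimal in-memory sketch of the mechanism the PR description outlines (record a token ID at issuance, check it at verification, reap expired entries), added here as an example; it is not code from this PR or from the EDC project. The class `InMemoryJtiStore`, its method names, the reaper period, and the single-use behaviour of `consume` are assumptions made for illustration.

```java
import java.time.Clock;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.*;

// Hypothetical sketch; names and semantics are assumptions, not the EDC JtiValidationStore API.
public class InMemoryJtiStore implements AutoCloseable {
    private final Map<String, Instant> entries = new ConcurrentHashMap<>(); // jti -> token expiry
    private final ScheduledExecutorService reaper = Executors.newSingleThreadScheduledExecutor();
    private final Clock clock;

    public InMemoryJtiStore(Clock clock, long reaperPeriodSeconds) {
        this.clock = clock;
        reaper.scheduleAtFixedRate(this::deleteExpired, reaperPeriodSeconds, reaperPeriodSeconds, TimeUnit.SECONDS);
    }

    // Issuer side: called when a token is minted. Returns false if the jti is already known,
    // so an ID collision is detected instead of silently overwriting the earlier entry.
    public boolean record(String jti, Instant expiresAt) {
        return entries.putIfAbsent(jti, expiresAt) == null;
    }

    // Verifier side: remove() is atomic, so of two concurrent presentations of the same
    // token only one gets the entry (assumed single-use policy). Unknown or expired IDs fail.
    public boolean consume(String jti) {
        Instant expiresAt = entries.remove(jti);
        return expiresAt != null && clock.instant().isBefore(expiresAt);
    }

    // Reaper task: entries for expired tokens can never validate again, so drop them
    // to keep the store from growing without bound.
    void deleteExpired() {
        Instant now = clock.instant();
        entries.values().removeIf(expiresAt -> !now.isBefore(expiresAt));
    }

    @Override
    public void close() {
        reaper.shutdownNow();
    }

    public static void main(String[] args) {
        try (InMemoryJtiStore store = new InMemoryJtiStore(Clock.systemUTC(), 60)) {
            Instant exp = Instant.now().plusSeconds(300);             // constructed sample expiry
            System.out.println(store.record("jti-constructed-1", exp)); // first issuance
            System.out.println(store.record("jti-constructed-1", exp)); // duplicate ID at issuance
            System.out.println(store.consume("jti-constructed-1"));     // first presentation
            System.out.println(store.consume("jti-constructed-1"));     // replay of the same token
        }
    }
}
```

Keeping the expiry next to each ID is what lets the reaper bound the store's size: once a token has expired, signature and `exp` checks reject it anyway, so its ID no longer needs to be remembered.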

@paullatzelsperger paullatzelsperger added enhancement New feature or request dcp labels Oct 18, 2024
@paullatzelsperger paullatzelsperger force-pushed the 3749_jti_validation_service branch 3 times, most recently from 146e4f6 to 872bccf Compare October 21, 2024 12:52
@paullatzelsperger paullatzelsperger marked this pull request as ready for review October 21, 2024 13:05
@paullatzelsperger paullatzelsperger requested review from wolf4ood and ndr-brt and removed request for ndr-brt October 21, 2024 13:08
@paullatzelsperger paullatzelsperger force-pushed the 3749_jti_validation_service branch from 872bccf to a2c1b88 Compare October 21, 2024 13:14
…java/org/eclipse/edc/edr/store/index/sql/SqlJtiValidationStoreExtensionTest.java

Co-authored-by: Enrico Risa <enrico.risa@gmail.com>
@paullatzelsperger paullatzelsperger merged commit 7f83a70 into eclipse-edc:main Oct 21, 2024
21 checks passed
@paullatzelsperger paullatzelsperger deleted the 3749_jti_validation_service branch October 21, 2024 14:33
Successfully merging this pull request may close these issues.

Implement infrastructure to verify jti claims
2 participants