Improve bearer token support with Admin Service backend encryption - just like we do with cookies #342

BarcoMasile · 2024-06-28T09:16:27Z

Description

Right now bearer token support for Admin UI authentication (CLI use case) is not up to the level of the browser user use case regarding security.
Auth cookies get symmetrically encrypted meanwhile there's no such thing for bearer token, meaning you can authenticate invocation towards the Admin UI with an unencrypted JWT bearer token (with the correct audience of course).
We should improve on this and provide a way to allow CLIs to "retrieve" encrypted access tokens for consumption with the Admin UI.

syncronize-issues-to-jira · 2024-06-28T09:16:36Z

Thank you for reporting us your feedback!

The internal ticket has been created: https://warthogs.atlassian.net/browse/IAM-946.

This message was autogenerated

BarcoMasile added the enhancement New feature or request label Jun 28, 2024

BarcoMasile self-assigned this Jun 28, 2024

BarcoMasile mentioned this issue Jun 28, 2024

IAM 892 - login handler and authentication middleware implementation according to spec ID036 #338

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Improve bearer token support with Admin Service backend encryption - just like we do with cookies #342

Improve bearer token support with Admin Service backend encryption - just like we do with cookies #342

BarcoMasile commented Jun 28, 2024

syncronize-issues-to-jira bot commented Jun 28, 2024

Improve bearer token support with Admin Service backend encryption - just like we do with cookies #342

Improve bearer token support with Admin Service backend encryption - just like we do with cookies #342

Comments

BarcoMasile commented Jun 28, 2024

Description

syncronize-issues-to-jira bot commented Jun 28, 2024