Page MenuHomePhabricator

Implement private JWT claims support in OAuth2 extension
Closed, ResolvedPublic

Description

In order to provide the rate limits into the JWT access tokens, we need to implement support for private claims in the OAuth extension.

The implementation is going to be based on enhancements to the oauth2-server library that we're using, roughly following this PR

We would implement ClaimStoreRepository in the OAuth extension that will be entirely stateless, but will provide a hook and accumulating the claims from other extensions. Having no specific storage for the claims in the OAuth extension will allow it to be oblivious towards what claims are being set, and all the logic would be implemented by other extensions implementing the hook. That aligns with the standards in this area.

Event Timeline

Pchelolo created this task.Jul 9 2020, 6:07 PM

Change 610335 had a related patch set uploaded (by Clarakosi; owner: Clarakosi):
[mediawiki/extensions/OAuth@master] Add private claims via new OAuthClaimStoreGetClaims hook

https://gerrit.wikimedia.org/r/610335

Change 610335 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Add private claims via new OAuthClaimStoreGetClaims hook

https://gerrit.wikimedia.org/r/610335

Pchelolo closed this task as Resolved.Sep 9 2020, 8:15 PM
Pchelolo moved this task from Ready to Deploy to Done on the Platform Team Workboards (Green) board.