notes/token_exchange_in_iroh_auth.org

Yann Esposito (Yogsototh) 2022-06-01 11:34:08 +02:00
parent 954c5a82b4
commit 3c6e2a7458
Signed by untrusted user who does not match committer: yogsototh
GPG key ID: 7B19A4C650D59646

@ -90,8 +90,14 @@ meaning for each word restricted to this document:
*** Using SXSO tokens vs SXSO User Identity
SXSO support both OpenID Connect and SAML v2.0.
If we were to support direct
If we were to support direct tokens from SXSO, it would still mean the product
need to provide its own client credentials.
Also it would need IROH-Auth to integrate a complex system to verify and trust
these external tokens.
Instead this proposal only need to use IROH-Auth signed tokens.
The only work to be done by the product would be to extract the SXSO ~User Identity Id~
from either the ~id_token~ or the ~SAMLResponse~.
*** Exchange an SXSO User Identity for a SecureX user tokens
We would like that a team, which is integrated with SXSO can retrieve tokens from IROH-Auth.
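
Review bot: The sentence "The only work to be done by the product would be to extract the SXSO ~User Identity Id~ from either the ~id_token~ or the ~SAMLResponse~" leaves out validation, and the paragraph just before it says IROH-Auth will not verify these external tokens itself. Please state that the product must verify the ~id_token~ or ~SAMLResponse~ (signature, issuer, audience, expiry) before reading the identity id from it, and say how IROH-Auth authenticates the product that submits that id, so the note does not read as if any caller-supplied id is enough to obtain tokens. Wording in the same paragraph: "SXSO support" should be "SXSO supports", "the product need" should be "the product needs", and "this proposal only need" should be "this proposal only needs".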