...
JOIDC-186: Drafted an approach that seems to work:
Refresh token type in profile configuration
Token endpoint can be wired with a customisable Map of functions (keyed with refresh token type) that encode RefreshTokenClaimsSet into whatever String
Validating endpoints (token, introspection, revocation) can be wired with a list of functions that decode String back to RefreshTokenClaimsSet
Ian
John
Nothing of substance to report.
Marvin
Phil
Just working on the WebAuthn plugin
Working registration and authentication
The code is a mess. Still have not looked in detail at storage API implementations
Thinking about the different use cases:
Passkeys (discoverable credentials). No username, select credential on the authenticator and send that back to the IdP. Requires ResidentKey, and authentication I think requires UserVerification (UV) and UserPresence (UP) checks. Working
Passwordless. Username initial input. Does not require ResidentKey, but still requires UP check and UV. Works, but I do not have an initial username input page yet.
2FA. Run after a previous factor. Does not require ResidentKey, requires UP check but not UV. It does not set these options correctly, currently (although it shouldn’t be hard to signal this).
The plugin bundle is working, although it contains a ‘selection’ view-page to choose between keys or password which probably is not needed in the final product, need to think about that.
Maybe make something alpha more public mid Jan.
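Added example, not code from the WebAuthn plugin: the three use cases above written as one policy table that drives both the WebAuthn options sent to the browser and the server-side check of the UP/UV flags in the returned authenticator data. All names (POLICIES, requestOptionsFor, checkAuthenticatorData, sampleAuthData) are hypothetical, and "discouraged" for the cases that do not require ResidentKey or UV is an assumption.

```javascript
// Added example: names below are hypothetical, not taken from the plugin.
const FLAG_UP = 0x01; // authenticator data flags bit 0: user present
const FLAG_UV = 0x04; // authenticator data flags bit 2: user verified

// One row per use case in the notes. "discouraged" for the cases that do not
// require a resident key or UV is an assumption; "preferred" is also valid.
const POLICIES = {
  passkey:      { residentKey: "required",    userVerification: "required",    usernameFirst: false },
  passwordless: { residentKey: "discouraged", userVerification: "required",    usernameFirst: true },
  secondFactor: { residentKey: "discouraged", userVerification: "discouraged", usernameFirst: true },
};

// authenticatorSelection member of PublicKeyCredentialCreationOptions (registration).
function authenticatorSelectionFor(useCase) {
  const p = POLICIES[useCase];
  if (!p) throw new Error("unknown use case: " + useCase);
  return { residentKey: p.residentKey, requireResidentKey: p.residentKey === "required",
           userVerification: p.userVerification };
}

// PublicKeyCredentialRequestOptions (authentication). An empty allowCredentials
// list lets the authenticator offer its discoverable credentials.
function requestOptionsFor(useCase, challenge, knownCredentialIds = []) {
  const p = POLICIES[useCase];
  if (!p) throw new Error("unknown use case: " + useCase);
  if (p.usernameFirst && knownCredentialIds.length === 0)
    throw new Error(useCase + " needs the user's registered credential ids");
  const allowCredentials = p.usernameFirst
    ? knownCredentialIds.map((id) => ({ type: "public-key", id })) : [];
  return { challenge, userVerification: p.userVerification, allowCredentials };
}

// Server-side check of the flags byte: rpIdHash (32 bytes), flags (1), signCount (4).
function checkAuthenticatorData(useCase, authData) {
  const p = POLICIES[useCase];
  if (!p) throw new Error("unknown use case: " + useCase);
  if (authData.length < 37) return { ok: false, reason: "authenticator data too short" };
  const flags = authData[32];
  if (!(flags & FLAG_UP)) return { ok: false, reason: "user presence (UP) not set" };
  if (p.userVerification === "required" && !(flags & FLAG_UV))
    return { ok: false, reason: "user verification (UV) not set" };
  return { ok: true, reason: "flags satisfy " + useCase };
}

// Constructed sample: zeroed rpIdHash and signCount, only the flags byte varies.
function sampleAuthData(flags) {
  const data = new Uint8Array(37);
  data[32] = flags;
  return data;
}
```

The flag check covers only the UP/UV requirement; a complete assertion verification also validates the rpIdHash, challenge, origin and signature.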
...