Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJOIDC-186

    • Drafted an approach that seems to work:

      • Refresh token type in profile configuration

      • Token endpoint can be wired with a customisable Map of functions (keyed with refresh token type) that encode RefreshTokenClaimsSet into whatever String

      • Validating endpoints (token, introspection, revocation) can be wired with a list of functions that decode String back to RefreshTokenClaimsSet

Ian

John

  • Nothing of substance to report.

Marvin

Phil

  • Just working on the WebAuthn plugin

    • Working registration and authentication

    • The code is a mess. Still not looked in detail about storage API implementations

    • Thinking about the different use cases:

      • Passkeys (discoverable credentials). No username, select credential on the authenticator and send that back to the IdP. Requires ResidentKey, and authentication I think requires UserVerification (UV) and UserPresence (UP) checks. Working

      • Passwordless. Username initial input. Does not require ResidentKey, but still requires UP check and UV. Works, but I do not have an initial username input page yet.

      • 2FA. Run after a previous factor. Does not require ResidentKey, requires UP check but not UV. It does not set this options correctly, currently (although shouldn’t be hard to signal this).

    • The plugin bundle is working, although it contains a ‘selection’ view-page to choose between keys or password which probably is not needed in the final product, need to think about that.

      • Maybe make something alpha more public mid Jan.

...