Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement a JWT auth provider #1816

Open
mstickel opened this issue Jan 13, 2025 · 0 comments
Open

Implement a JWT auth provider #1816

mstickel opened this issue Jan 13, 2025 · 0 comments

Comments

@mstickel
Copy link

Is your feature request related to a problem? Please describe.
In order to integrate R2R with other services or systems that may already have their own identity / auth mechanisms, it would be great to have a way for R2R to be able to accept, trust and verify JWT tokens issued by other auth systems.

Describe the solution you'd like
Create a JWT auth provider that allows R2R endpoints to perform auth using JWT bearer tokens issued by trusted other services.

Describe alternatives you've considered
The simplest implementation of this is synchronous verification (shared JWT secret). Other options include public/private keys, OAuth2 (make R2R a resource server), and OIDC (make R2R a relying party).

Additional context
Things to consider:

  • How to configure the JWT secret. This secret is a sensitive piece of information that should be handled and protected appropriately. Disclosure of this secret could allow an attacker to craft arbitrary valid JWT tokens that the system would accept.
  • How to create users if a token representing a user unknown to R2R is presented for the first time (also, updating users based on token claims)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@mstickel