IRCV3BEARER SASL mechanism for bearer tokens #545

Open
wants to merge 3 commits into
base: master

slingamn
Contributor

This replaces #534, incorporating feedback received there:

  1. Defining a new mechanism IRCV3BEARER instead of reusing PLAIN
  2. IRCV3BEARER still overlaps with OAUTHBEARER, but it's more general, since it supports arbitrary bearer token types including JWTs

slingamn changed the title from "initial draft of IRCV3BEARER" to "IRCV3BEARER SASL mechanism for bearer tokens" on May 28, 2024

extensions/ircv3bearer.md (outdated)

## Examples

This is an example of successful authentication with the `jwt` bearer token type:
Contributor

Presumably the token type is opaque to the client and an implementation detail of the server and/or IdP? The client is merely a bearer of a token, what it is isn't important for it.

Therefore I'd perhaps not call out that it is a JWT token specifically here.

Contributor Author

A precedent for what I'm trying to do here is the "token type hint" as defined by RFC 7662:

  1. This is a hint to the server to speed up recognition of the token; if the hint is not recognized, the server can fall back to exhaustive search over all possibilities for validating the token, although this may be undesirable for performance reasons
  2. Although the hint may be implementation-defined, it is preferable that it be registered: here's the registry for OAuth token type hints
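
The hint-then-fallback behaviour described in the reply above, as an added example that is not part of the PR or the draft spec: a server tries the validator named by the token type hint first and, if allowed, falls back to the remaining types. The validator names, the demo key and the opaque-token store are hypothetical, the JWT check verifies only an HS256 signature, and nothing here reflects the IRCV3BEARER wire format.

```python
import base64
import hashlib
import hmac
import json

JWT_KEY = b"constructed-demo-key"            # constructed secret, demo only
OPAQUE_TOKENS = {"opaque-7f3a": "alice"}     # constructed opaque-token store

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_jwt(sub):
    """Build a constructed HS256 sample token for the demo."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps({"sub": sub}).encode())
    sig = hmac.new(JWT_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_jwt(token):
    """Return the 'sub' claim if the HS256 signature verifies, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # pin the algorithm
            return None
        want = hmac.new(JWT_KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(want, _b64d(sig)):
            return None
        return json.loads(_b64d(body)).get("sub")
    except (ValueError, AttributeError):  # malformed base64, JSON or structure
        return None

def validate_opaque(token):
    return OPAQUE_TOKENS.get(token)

VALIDATORS = {"jwt": validate_jwt, "opaque": validate_opaque}

def authenticate(token, type_hint=None, allow_fallback=True):
    """Return (account, matched_type, validators_tried)."""
    order = [type_hint] if type_hint in VALIDATORS else []
    if allow_fallback:  # exhaustive search over the remaining token types
        order += [t for t in VALIDATORS if t not in order]
    for tried, kind in enumerate(order, start=1):
        account = VALIDATORS[kind](token)
        if account is not None:
            return account, kind, tried
    return None, None, len(order)
```

With `allow_fallback=False` an unrecognized hint is rejected without running any validator, which is the performance trade-off the reply mentions.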
