
OAuth server generated JWT token problem

Peter_Baumann
Cirrostratus

Hi all,

We have a customer trying to do OAuth with a Dovecot server; they have the following problems using the F5 as an OAuth server:

  1. The "typ" JWT header is missing; this should be set to "JWT".
  2. F5 sets the JWT token nbf (not valid before) to some minutes in the past; this breaks Dovecot auth.
  3. The customer wants to use the following OAuth features; are these supported?

https://openid.net/specs/openid-connect-frontchannel-1_0.html

https://openid.net/specs/openid-connect-backchannel-1_0.html

Do you know how the above could be customized in F5 to set values that Dovecot would accept?

Thank you for any hint.

Peter

5 REPLIES

Marvin
Cirrostratus

Use token_content_type with value jwt in the POST data while retrieving the token via /f5-oauth2/v1/token.

Peter_Baumann
Cirrostratus

Unfortunately, the customer has now changed the IdP to Keycloak, and this seems to fix all the problems he had with OAuth.

The above is not the only limitation F5 OAuth has; it would be great if F5 could be more customizable in this regard.

I had a ticket open, also for the customer's other problems; the only solution was a feature request, with no timeline given for when it would be implemented.

Hello Peter,

I have exactly the same problem as you for another application.

The "typ" JWT header is missing; this should be set to "JWT".

Have you had any feedback from support? If not, could you give me the number of your incident? It will have weight if I open an incident about it.

Thank you for your help.

Regards,

You need to specify token_content_type with value jwt for JWT tokens to be provided by the F5 OAuth server via the POST method to /f5-oauth2/v1/token; if you don't do that, then you request an opaque token.

Also, first there is always a GET request to /f5-oauth2/v1/authorize, where I also append &token_content_type=jwt.

Hi Marvin,

Can you confirm that, if the &token_content_type=jwt parameter is added to the request, the following is added: "type":"JWT" in the header of the JWT, i.e.

{
"alg": "HS256",
"typ": "JWT"
}

Currently the F5 is configured to issue JWTs automatically, but it is missing the "type":"JWT" in the header of the JWT. It doesn't require the special parameter to issue the JWT in the current setup.

Or have you found another way to add headers to the JWT?

Running 15.1.x, and the F5 is acting as the OAuth Authorization Server.

Thanks
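
To see what a relying party such as Dovecot actually receives, a token can be decoded and checked for the two points raised in this thread: the "typ" header and the nbf offset. This is an added example, not code from any poster or from F5; the sample token, key and issuer URL are constructed, and it assumes the token carries an iat claim to compare nbf against.

```python
import base64, hashlib, hmac, json

def b64url_decode(seg: str) -> bytes:
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_jwt(token: str, now: int) -> dict:
    """Decode header and claims WITHOUT verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWS with 3 dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    findings = []
    if "typ" not in header:
        findings.append('header has no "typ" parameter')
    elif str(header["typ"]).upper() != "JWT":
        findings.append(f'header "typ" is {header["typ"]!r}, not "JWT"')
    nbf, iat = claims.get("nbf"), claims.get("iat")
    if nbf is not None and iat is not None and nbf < iat:
        findings.append(f"nbf is {iat - nbf}s before iat")
    if nbf is not None and nbf > now:
        findings.append(f"token not valid for another {nbf - now}s")
    return {"header": header, "claims": claims, "findings": findings}

def make_sample_token(header: dict, claims: dict, key: bytes = b"constructed-demo-key") -> str:
    # Constructed HS256 token so the example runs offline; not output from a real server.
    signing_input = ".".join(b64url_encode(json.dumps(p).encode()) for p in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

NOW = 1_700_000_000  # fixed "current time" for a reproducible run
CLAIMS = {"iss": "https://as.example.invalid", "iat": NOW, "nbf": NOW - 300, "exp": NOW + 3600}
SAMPLE = make_sample_token({"alg": "HS256"}, CLAIMS)

if __name__ == "__main__":
    for finding in inspect_jwt(SAMPLE, NOW)["findings"]:
        print(finding)
```

The decoder skips signature verification on purpose, so use it only to compare token contents against what the resource server expects, never as an authorization check.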