Semantic conventions for JWT tokens. #1190

Open
hsblhsn opened this issue Jan 19, 2022 · 4 comments

hsblhsn commented Jan 19, 2022

What are you trying to achieve?

I want to log my JWT token data into my traces and spans, but there are no semantic naming conventions for that. I found enduser.id, but that is for storing only the end user, while a JWT token consists of a lot of things like expiration, issuer, audience, etc.

What did you expect to see?

I want to see a standardized naming convention for JWT tokens.


spencerwilson commented Jan 26, 2022

The spans that would contain this info, what operation in your application would they correspond to? For example, would you just put this data on the top-level SERVER-type spans? Or somewhere else?

I’m reminded a bit of the enduser namespace: https://github.com/open-telemetry/semantic-conventions/blob/5077fd5ccf64e3ad0821866cc80d77bb24098ba2/docs/general/attributes.md#general-identity-attributes

edit: The enduser namespace is replaced by user as of May 2024; see https://github.com/open-telemetry/semantic-conventions/blob/5077fd5ccf64e3ad0821866cc80d77bb24098ba2/docs/attributes-registry/user.md

@SergeyKanzhelev
Member

Can you list what data you want to store and the scenarios for using it? I wonder if those are reusable beyond the JWT token scenario or specific to it.

Author

hsblhsn commented Jan 26, 2022

This is what I am using right now:

```go
import "go.opentelemetry.io/otel/attribute"

const (
	AttributeKID             = attribute.Key("jwt.headers.kid")    // public key id.
	AttributeID              = attribute.Key("jwt.claims.jti")     // token id.
	AttributeIssuer          = attribute.Key("jwt.claims.iss")     // issuer.
	AttributeSubject         = attribute.Key("jwt.claims.sub")     // subject (user_id).
	AttributeAudience        = attribute.Key("jwt.claims.aud")     // audience (my domain).
	AttributeAuthorizedParty = attribute.Key("jwt.claims.azp")     // Authorized party (client_id).
	AttributeExpiresAt       = attribute.Key("jwt.claims.exp")     // Expiry.
	AttributeNotBefore       = attribute.Key("jwt.claims.nbf")     // Not before.
	AttributeIssuedAt        = attribute.Key("jwt.claims.iat")     // Issued At.
	AttributePurpose         = attribute.Key("jwt.claims.purpose") // Purpose of the token.
	AttributeScopes          = attribute.Key("jwt.claims.scopes")  // Scopes and permissions.
)
```

Here I am using the standard claim names of the JWT spec. I believe we can go further and use readable attributes and reuse them whenever possible. The above code is my very personal implementation.
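One way to turn an already-verified token into the attribute keys listed in the comment above, as an added example that is not code from any commenter or from OpenTelemetry. It returns a plain map instead of OpenTelemetry attribute values so that it needs only the standard library; the function names, the allowlist and the sample token are assumptions constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Claims copied to attributes; anything else (e.g. email) is dropped.
var allowed = []string{"jti", "iss", "sub", "aud", "azp", "exp", "nbf", "iat", "purpose", "scopes"}

// JWTAttributes maps a compact JWT to the attribute keys used in the thread.
// It does not verify the signature: call it only on an already-verified token.
func JWTAttributes(token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("want 3 segments, got %d", len(parts))
	}
	var header, claims map[string]any
	for i, dst := range []*map[string]any{&header, &claims} {
		raw, err := base64.RawURLEncoding.DecodeString(parts[i])
		if err != nil || json.Unmarshal(raw, dst) != nil {
			return nil, fmt.Errorf("segment %d is not base64url-encoded JSON", i)
		}
	}
	attrs := map[string]any{} // the signature segment and raw token are never stored
	if kid, ok := header["kid"].(string); ok {
		attrs["jwt.headers.kid"] = kid
	}
	for _, name := range allowed {
		switch v := claims[name].(type) {
		case string, []any: // aud and scopes may be JSON arrays
			attrs["jwt.claims."+name] = v
		case float64: // NumericDate: seconds since the Unix epoch
			attrs["jwt.claims."+name] = int64(v)
		}
	}
	return attrs, nil
}

// SampleToken builds a constructed token; its signature segment is a placeholder.
func SampleToken() string {
	enc := base64.RawURLEncoding.EncodeToString
	p := `{"iss":"https://issuer.example","sub":"user-42","aud":["api.example"],"exp":1700000000,"email":"a@example.com"}`
	return enc([]byte(`{"alg":"RS256","kid":"key-1"}`)) + "." + enc([]byte(p)) + ".constructed-signature"
}

func main() { fmt.Println(JWTAttributes(SampleToken())) }
```

Because only allowlisted claims are copied, the sample token's `email` claim and its signature segment never reach the telemetry backend.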

@SergeyKanzhelev SergeyKanzhelev removed their assignment Feb 18, 2023
@lmolkova lmolkova transferred this issue from open-telemetry/opentelemetry-specification Jun 27, 2024
@lmolkova
Contributor

related #1172
