Is your feature request related to a problem? Please describe.
In organizations with established authentication infrastructure it would be beneficial to have an ability to use external systems to issue JWT tokens (e.g. GCP's JWT tokens) and configure server to trust such identites.
It will eliminate the need to manage & maintain master token and handle all proper security technics around it (rotation etc)
Describe the solution you'd like
Ability to pass JWKS endpoint (external to OPAL server) and (optionally) name of Python module & function that should be used for additional validation of token (e.g. specific scope requirement).
Ability to pass name of Python module & function / url / file path (file or callable) to OPAL client that can be used to get a fresh auth token
Describe alternatives you've considered
Implementing this in a proxy server in front of OPAL server
Is your feature request related to a problem? Please describe.
In organizations with established authentication infrastructure it would be beneficial to have an ability to use external systems to issue JWT tokens (e.g. GCP's JWT tokens) and configure server to trust such identites.
It will eliminate the need to manage & maintain master token and handle all proper security technics around it (rotation etc)
Describe the solution you'd like
Ability to pass JWKS endpoint (external to OPAL server) and (optionally) name of Python module & function that should be used for additional validation of token (e.g. specific scope requirement).
Ability to pass name of Python module & function / url / file path (file or callable) to OPAL client that can be used to get a fresh auth token
Describe alternatives you've considered
Implementing this in a proxy server in front of OPAL server