
feat: changing format of access token and user-info to JWT #9293

Merged (1 commit, Aug 28, 2024)

Conversation

duttarnab (Contributor) commented Aug 28, 2024

closes #929
Closes #9294,

Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>

dryrunsecurity bot commented Aug 28, 2024

DryRun Security Summary

This pull request focuses on improving the security and robustness of the OIDC client registration and user details handling in a React-based application, including the use of JWT access tokens, signed userinfo responses, client expiry management, secure display of sensitive information, and a secure logout functionality.


Summary:

The code changes in this pull request focus on improving the security and robustness of the OIDC (OpenID Connect) client registration and user details handling in a React-based application.

The key security enhancements include:

  1. JWT Access Tokens and Signed Userinfo Response: The OIDC client registration now uses JWT (JSON Web Tokens) for access tokens and signs the userinfo response using the RS256 algorithm. This improves the security of the OIDC integration by providing better control over the token's content, easier revocation, and ensuring the integrity and authenticity of the userinfo data.

  2. Client Expiry Management: The ability to set an expiry date for the OIDC client allows the application to properly manage the lifecycle of the OIDC client and ensure that expired clients are not used for authentication and authorization.

  3. Sensitive Information Display: The changes in the userDetails.tsx file introduce a more secure way of displaying sensitive information, such as access tokens and ID tokens, by only showing a partial view by default and allowing users to opt-in to view the full contents. This reduces the risk of accidental exposure of sensitive data.

  4. Secure Logout Functionality: The logout process now properly clears the cached authentication tokens and redirects the user to the OIDC end-session endpoint, ensuring that the user's session is terminated securely.

Overall, the changes in this pull request demonstrate a strong focus on improving the security and robustness of the OIDC integration and sensitive data handling within the application.

Files Changed:

  1. demos/jans-tarp/src/options/registerClient.tsx:

    • Introduced the use of JWT access tokens and signed userinfo responses
    • Implemented the ability to set an expiry date for the OIDC client
    • Included error handling and logging mechanisms
  2. demos/jans-tarp/src/options/userDetails.tsx:

    • Added state variables to control the display of sensitive information (access tokens, ID tokens, and user details)
    • Implemented a "Show more" functionality to balance user experience and security
    • Updated the logout functionality to clear cached authentication tokens and redirect the user to the OIDC end-session endpoint

Code Analysis

We ran 9 analyzers against 2 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

@mo-auto mo-auto added the kind-feature Issue or PR is a new feature request label Aug 28, 2024
mo-auto (Member) commented Aug 28, 2024

Error: Hi @duttarnab, you did not reference an open issue in your PR. I attempted to create an issue for you.
Please update that issue's title and body and make sure I correctly referenced it in the above PR's body.

@moabu moabu merged commit ed24927 into main Aug 28, 2024
11 checks passed
@moabu moabu deleted the jans-tarp-issue-9292 branch August 28, 2024 15:37
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com>
Former-commit-id: ed24927
Labels: kind-feature (Issue or PR is a new feature request)
Projects: None yet
Development: successfully merging this pull request may close the auto-created issue "fix: feat: changing format of access token and user-info to JWT -autocreated"
3 participants