Skip to content

feat: oauth2 stateless jwt access tokens #2368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

feat: oauth2 stateless jwt access tokens #2368

wants to merge 5 commits into from
+173 −0

Conversation

@shaunnkhan
Copy link
Contributor

@shaunnkhan shaunnkhan commented Nov 26, 2025

Related Issue or Design Document

Add documentation around stateless JWT access token OEL feature

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got approval (please contact security@ory.com) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added the necessary documentation within the code base (if appropriate).

vinckr
vinckr requested changes Nov 26, 2025
View reviewed changes
Copy link
Member

@vinckr vinckr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks, looks pretty good already although I do get very strong written by AI vibes 😁

it probably would fit here into the sidebar https://www.ory.com/docs/guides/token-management

left some style comments + also added upstream label since I assume this is for an upcoming feature

@vinckr vinckr added the upstream Issue is caused by an upstream dependency. label Nov 26, 2025
@vinckr vinckr requested a review from unatasha8 November 26, 2025 19:06
@shaunnkhan
Copy link
Contributor Author

shaunnkhan commented Nov 26, 2025

thanks, looks pretty good already although I do get very strong written by AI vibes 😁

Yeah, and I had already trimmed some of the fat. 😁 I cleaned it up a bit more.

it probably would fit here into the sidebar https://www.ory.com/docs/guides/token-management

This feature is currently only meant for OEL, so is that sidebar location still applicable? Also, how can I add this to the sidebar?

left some style comments + also added upstream label since I assume this is for an upcoming feature

Thank you!

@vinckr
Copy link
Member

vinckr commented Nov 26, 2025

This feature is currently only meant for OEL, so is that sidebar location still applicable? Also, how can I add this to the sidebar?

You're right, we have a separate section for OEL only.
in that case you want to add it here - you'll need to add the document id for it to appear in the sidebar.

unatasha8
unatasha8 reviewed Nov 26, 2025
View reviewed changes
unatasha8
unatasha8 reviewed Nov 26, 2025
View reviewed changes
unatasha8
unatasha8 reviewed Nov 26, 2025
View reviewed changes
unatasha8
unatasha8 approved these changes Nov 26, 2025
View reviewed changes
Copy link
Contributor

@unatasha8 unatasha8 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Added some suggestions.

@shaunnkhan shaunnkhan requested a review from vinckr November 26, 2025 22:46
vinckr
vinckr approved these changes Nov 27, 2025
View reviewed changes
Copy link
Member

@vinckr vinckr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice 🐝
lgtm

let's wait until the feature is released before merging though.

zepatrik
zepatrik reviewed Dec 1, 2025
View reviewed changes
Copy link
Member

@zepatrik zepatrik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would still be good to add a huge disclaimer that these tokens cannot be revoked anymore, and when someone should not use this feature.

@zepatrik zepatrik changed the title docs: oauth2 stateless jwt access tokens feat: oauth2 stateless jwt access tokens Dec 1, 2025
@shaunnkhan
Copy link
Contributor Author

shaunnkhan commented Dec 1, 2025

I think it would still be good to add a huge disclaimer that these tokens cannot be revoked anymore, and when someone should not use this feature.

@zepatrik, I've re-added the sections detailing when to and when not to use this feature.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zepatrik zepatrik zepatrik left review comments

@vinckr vinckr vinckr approved these changes

@unatasha8 unatasha8 unatasha8 approved these changes

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

@piotrmsc piotrmsc Awaiting requested review from piotrmsc piotrmsc is a code owner

Assignees

@shaunnkhan shaunnkhan

Labels

upstream Issue is caused by an upstream dependency.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@shaunnkhan @vinckr @zepatrik @unatasha8