platform Support claims entity type in opa/ERS

Enable the claims entity type in opa. It should not call ERS when the entity type is claims but rather should evaluate the subject mappings on the claims themselves. (I believe this is the expected behavior for this flow.) It should be assumed claims is a type that can be parsed/queried by jq.

May 13 '24 15:05 elizabethhealy

should help solve https://github.com/opentdf/platform/issues/785

May 13 '24 18:05 elizabethhealy

It should be assumed claims is a type that can be parsed/queried by jq.

Do we need full jq support, or could we keep it simple and only support object dot-notation? I have no opinion if we use a jq compliant library under the hood, but limiting what we advertise will reduce complexity and cost less to maintain.

That said, since OIDC requires JWT I think this is a safe assumption... if not then we fail ans unauthorized.

May 14 '24 15:05 jrschumacher

@jrschumacher im fine either way, i think dot notation is probably simpler and easier to support, or maybe some variation of dot notation that also supports like like item1.item2[*]

May 15 '24 14:05 elizabethhealy

@elizabethhealy is this completed or should we reopen?

Jul 24 '24 01:07 jrschumacher

we should reopen, i think there was another ticket issue linked to this as well, ill find it

Jul 26 '24 14:07 elizabethhealy

relates to https://github.com/opentdf/platform/issues/785

Jul 26 '24 14:07 elizabethhealy