[jboss-jira] [JBoss JIRA] (WFWIP-293) Current implementation of MP-JWT doesn't require claims which should be required
Darran Lofthouse (Jira)
issues at jboss.org
Tue Jan 7 06:52:03 EST 2020
[ https://issues.redhat.com/browse/WFWIP-293?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13942584#comment-13942584 ]
Darran Lofthouse commented on WFWIP-293:
----------------------------------------
I will have a look at this one now.
> Current implementation of MP-JWT doesn't require claims which should be required
> --------------------------------------------------------------------------------
>
> Key: WFWIP-293
> URL: https://issues.redhat.com/browse/WFWIP-293
> Project: WildFly WIP
> Issue Type: Bug
> Components: MP JWT
> Reporter: Jan Kasik
> Assignee: Darran Lofthouse
> Priority: Critical
>
> Chapter 4.1 of MP-JWT 1.1 recommends minimal set of JWT claims which should be required.
> Current implementation doesn't check for following claims and returns 200/OK if they are missing:
> * {{upn}}
> * {{jti}}
> * {{groups}}
> * {{iat}}
> * {{sub}}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list