[jboss-jira] [JBoss JIRA] (WFWIP-293) Current implementation of MP-JWT doesn't require claims which should be required
Darran Lofthouse (Jira)
issues at jboss.org
Wed Jan 15 12:50:43 EST 2020
[ https://issues.redhat.com/browse/WFWIP-293?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse updated WFWIP-293:
-----------------------------------
Priority: Major (was: Critical)
> Current implementation of MP-JWT doesn't require claims which should be required
> --------------------------------------------------------------------------------
>
> Key: WFWIP-293
> URL: https://issues.redhat.com/browse/WFWIP-293
> Project: WildFly WIP
> Issue Type: Bug
> Components: MP JWT
> Reporter: Jan Kasik
> Assignee: Darran Lofthouse
> Priority: Major
>
> Chapter 4.1 of MP-JWT 1.1 recommends minimal set of JWT claims which should be required.
> Current implementation doesn't check for following claims and returns 200/OK if they are missing:
> * {{upn}}
> * {{jti}}
> * {{groups}}
> * {{iat}}
> * {{sub}}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list