[jboss-jira] [JBoss JIRA] (WFLY-12978) Current implementation of MP-JWT doesn't require claims which should be required
Darran Lofthouse (Jira)
issues at jboss.org
Wed Jan 15 12:50:44 EST 2020
[ https://issues.redhat.com/browse/WFLY-12978?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Darran Lofthouse moved WFWIP-293 to WFLY-12978:
-----------------------------------------------
Project: WildFly (was: WildFly WIP)
Key: WFLY-12978 (was: WFWIP-293)
Component/s: MP JWT
(was: MP JWT)
> Current implementation of MP-JWT doesn't require claims which should be required
> --------------------------------------------------------------------------------
>
> Key: WFLY-12978
> URL: https://issues.redhat.com/browse/WFLY-12978
> Project: WildFly
> Issue Type: Bug
> Components: MP JWT
> Reporter: Jan Kasik
> Assignee: Darran Lofthouse
> Priority: Major
>
> Chapter 4.1 of MP-JWT 1.1 recommends minimal set of JWT claims which should be required.
> Current implementation doesn't check for following claims and returns 200/OK if they are missing:
> * {{upn}}
> * {{jti}}
> * {{groups}}
> * {{iat}}
> * {{sub}}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list