Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-7693

Allow JWT audience claims validation not RFC 7519 compliant

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 3.2.4
    • 3.1.16, 3.2.5
    • JAX-RS Security
    • None
    • Unknown

    Description

      Current JwtUtils.validateJwtAudienceRestriction implementation does not comply with the 'aud' claim specification. An 'aud' claim is optional - the current validation does not cater for the case when the 'aud' claim is optional i.e. when no aud claims are present, the processing principal should be allowed to process if it so chooses.

       

      Should perhaps also consider allowing explicit audiences vs wildcards i.e. allowing a resource to also include all its sub-resources - this would reduce the token size which does not scale well if the token has to contain multiple aud claims

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. CXF-7696 Allow JWT aud claim to accept wildcards / nested resources

          • Major - Major loss of function.
          • Open

          Activity

            People

              coheigea Colm O hEigeartaigh
              jomacdoe Jo Evans
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: