[TOMEE-2730] Support JWT tokens without an exp claim - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 8.0.0-Final
Fix Version/s: 8.0.1
Component/s: None
Labels:
- pull-request-available

Description

At present TomEE will reject JWT tokens where the exp claim is a timestamp that is in the past. We also reject tokens where there is no exp claim at all. I propose adding a setting which will allow tokens without an exp claim to be accepted (see https://tools.ietf.org/html/rfc7519#section-4.1.4) . The current behavior (not allowing a token without an exp claim) would be the default, and the option to allow tokens without an exp would need to be explicitly enabled.

Attachments

Issue Links

links to

GitHub Pull Request #604

Activity

People

Assignee:: Jonathan Gallimore

Reporter:: Jonathan Gallimore

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 08/Nov/19 16:14

Updated:: 23/Dec/19 11:31

Resolved:: 23/Dec/19 11:31