[
https://issues.apache.org/jira/browse/TOMEE-2730?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
ASF GitHub Bot updated TOMEE-2730:
----------------------------------
Labels: pull-request-available (was: )
> Support JWT tokens without an exp claim
> ---------------------------------------
>
> Key: TOMEE-2730
> URL: https://issues.apache.org/jira/browse/TOMEE-2730
> Project: TomEE
> Issue Type: Improvement
> Affects Versions: 8.0.0-Final
> Reporter: Jonathan Gallimore
> Assignee: Jonathan Gallimore
> Priority: Major
> Labels: pull-request-available
> Fix For: 8.0.1
>
>
> At present TomEE will reject JWT tokens where the exp claim is a timestamp
> that is in the past. We also reject tokens where there is no exp claim at
> all. I propose adding a setting which will allow tokens without an exp claim
> to be accepted (see [https://tools.ietf.org/html/rfc7519#section-4.1.4)] .
> The current behavior (not allowing a token without an exp claim) would be the
> default, and the option to allow tokens without an exp would need to be
> explicitly enabled.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
