[
https://issues.apache.org/jira/browse/KNOX-2703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar updated KNOX-2703:
--------------------------------
Description:
With KNOX-2149, one can define their own JWKS URL which Knox can use for
verification.
However, the current implementation only supports JWTs with {{"typ: JWT"}} in
their headers (or no type definition at all). In previous JOSE versions, there
were other supported types such as {{at+jwt}}.
It'd be beneficial to have the list of allowed JWT types defined on the
topology level. If not defined, Knox should use the current default
({{JWT}}).
was:
With KNOX-2149, one can define their own JKW URL which Knox can use for
verification.
However, the current implementation only supports JWTs with {{"typ: JWT"}} in
their headers. In previous JOSE versions, there were other supported types such
as {{at+jwt}}.
It'd be beneficial to have the list of allowed JWT types defined on the
topology level. If not defined, Knox should use the current default
({{JWT}}).
> Make acceptable JWT types configurable
> --------------------------------------
>
> Key: KNOX-2703
> URL: https://issues.apache.org/jira/browse/KNOX-2703
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 1.6.0, 1.6.1, 1.6.2
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> With KNOX-2149, one can define their own JWKS URL which Knox can use for
> verification.
> However, the current implementation only supports JWTs with {{"typ: JWT"}} in
> their headers (or no type definition at all). In previous JOSE versions,
> there were other supported types such as {{at+jwt}}.
> It'd be beneficial to have the list of allowed JWT types defined on the
> topology level. If not defined, Knox should use the current default
> ({{JWT}}).
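The header-type gate described in this issue, sketched as an added example (this is not Knox code and not from the issue author): an allowlist of `typ` values that falls back to `JWT` when nothing is configured. The function names, the comma-separated setting format and the `allow_missing` switch are assumptions made for illustration; signature verification against the JWKS is a separate step that is not shown.

```python
import base64
import binascii
import json

DEFAULT_ALLOWED = frozenset({"jwt"})  # the default named in the issue: JWT


def _normalize(typ):
    # RFC 7515 section 4.1.9: media type names are case-insensitive and the
    # "application/" prefix may be omitted when no other "/" appears.
    typ = typ.strip().lower()
    if typ.startswith("application/") and typ.count("/") == 1:
        typ = typ[len("application/"):]
    return typ


def parse_allowed_types(config_value):
    """Turn a comma-separated setting (assumed format) into a normalized set."""
    if not config_value or not config_value.strip():
        return DEFAULT_ALLOWED
    return frozenset(_normalize(t) for t in config_value.split(",") if t.strip())


def header_typ(token):
    """Return the raw 'typ' header value, or None when the header has none."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    seg = parts[0]
    try:
        raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
        header = json.loads(raw)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("malformed JOSE header") from exc
    if not isinstance(header, dict):
        raise ValueError("JOSE header is not a JSON object")
    return header.get("typ")


def typ_allowed(token, allowed=DEFAULT_ALLOWED, allow_missing=True):
    """Gate on the header type only; signature checks must still follow."""
    typ = header_typ(token)
    if typ is None:
        return allow_missing  # assumption: mirrors "no type definition at all"
    return isinstance(typ, str) and _normalize(typ) in allowed


def sample_token(header):
    """Constructed, unsigned sample token for demonstration only."""
    seg = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=")
    return seg.decode() + ".e30.sig"
```

With the default set, an `at+jwt` token is rejected; after `parse_allowed_types("JWT, at+jwt")` it passes the type gate and proceeds to signature verification.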