[
https://issues.apache.org/jira/browse/KNOX-2703?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar resolved KNOX-2703.
---------------------------------
Resolution: Fixed
> Make acceptable JWT types configurable
> --------------------------------------
>
> Key: KNOX-2703
> URL: https://issues.apache.org/jira/browse/KNOX-2703
> Project: Apache Knox
> Issue Type: New Feature
> Components: Server
> Affects Versions: 1.6.0, 1.6.1, 1.6.2
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Fix For: 2.0.0
>
> Time Spent: 50m
> Remaining Estimate: 0h
>
> With KNOX-2149, one can define their own JWKS URL which Knox can use for
> verification.
> However, the current implementation only supports JWTs with {{"typ: JWT"}} in
> their headers (or not type definition at all). In previous JOSE versions,
> there were other supported types such as {{{}at+jwt{}}}.
> It'd be beneficial to have the list of allowed JWT types defined on the
> topology level. If not defined, Knox should use the current default
> ({{{}JWT{}}}).
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
