zeroflag commented on code in PR #554:
URL: https://github.com/apache/knox/pull/554#discussion_r849245117
##########
gateway-server/src/main/java/org/apache/knox/gateway/services/token/impl/DefaultTokenAuthorityService.java:
##########
@@ -104,26 +103,15 @@ public void setAliasService(AliasService as) {
@Override
public JWT issueToken(JWTokenAttributes jwtAttributes) throws
TokenServiceException {
- String[] claimArray = new String[6];
- claimArray[0] = "KNOXSSO";
- claimArray[1] = jwtAttributes.getUserName();
- claimArray[2] = null;
- if (jwtAttributes.getExpires() == -1) {
- claimArray[3] = null;
- }
- else {
- claimArray[3] = String.valueOf(jwtAttributes.getExpires());
- }
final String algorithm = jwtAttributes.getAlgorithm();
if(SUPPORTED_HMAC_SIG_ALGS.contains(algorithm)) {
- claimArray[4] = null;
- claimArray[5] = null;
+ jwtAttributes.setKid(null);
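Review bot: In the HMAC branch, `jwtAttributes.setKid(null)` writes to the caller's `JWTokenAttributes` argument, where the removed lines only wrote to the local `claimArray`, so the caller's object is changed as a side effect of `issueToken`. Consider holding the values to emit in local variables instead of mutating the input. The removed lines also cleared two slots (`claimArray[4]` and `claimArray[5]`) while only the kid reset is visible here, so check that the second value is still cleared for the HMAC algorithms, and add a short code comment stating why these fields are dropped when the token is HMAC-signed.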
Review Comment:
It follows the existing behaviour. @moresandeep do you remember why we need
to null out the jku + kid when the sign algorithm is "HS256", "HS384" or
"HS512" ?