lmccay opened a new pull request, #926: URL: https://github.com/apache/knox/pull/926
## What changes were proposed in this pull request? While we have a change to introduce the ability to use multiple JWKS Urls to verify a token signature, without this change any tokens would need to have the same Issuer. This isn't ideal and limits the flexibility that we are looking for. This change is only an iteration beyond that approach but still not ideal. We will want to have a better isolation of the expected claims, algorithms, etc - per token. This will suffice for now but we will revisit it in the near future for better isolation. Here we will simply change the expectedIssuers param to be a List of Strings from a comma separated list and introduce a keyword "NONE" to indicate even though there are expected audiences for some tokens, it is also possible to accept a token with no audience as well. This is an opt-in only feature that requires the admin to configure "NONE" as an acceptable audience claim. This will pass when there are no audiences in the token or even if there is one called "NONE". Again, this will be revisited in the future and done better. ## How was this patch tested? New unit tests were added and existing tests run along with the new tests. Please review [Knox Contributing Process](https://cwiki.apache.org/confluence/display/KNOX/Contribution+Process#ContributionProcess-GithubWorkflow) before opening a pull request. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
