Nils Junike ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5dfab695fc90030cadf0d5ef ) *created* an issue
GeoServer ( https://osgeo-org.atlassian.net/browse/GEOS?atlOrigin=eyJpIjoiYzEzNDY5Y2JhYzNlNGIyNjllMGQ2N2ZiZDQ0ZTc5YTQiLCJwIjoiaiJ9 ) / Bug ( https://osgeo-org.atlassian.net/browse/GEOS-10770?atlOrigin=eyJpIjoiYzEzNDY5Y2JhYzNlNGIyNjllMGQ2N2ZiZDQ0ZTc5YTQiLCJwIjoiaiJ9 ) GEOS-10770 ( https://osgeo-org.atlassian.net/browse/GEOS-10770?atlOrigin=eyJpIjoiYzEzNDY5Y2JhYzNlNGIyNjllMGQ2N2ZiZDQ0ZTc5YTQiLCJwIjoiaiJ9 ) Support list of audiences (aud) when validating Oauth 2.0 Bearer Tokens ( https://osgeo-org.atlassian.net/browse/GEOS-10770?atlOrigin=eyJpIjoiYzEzNDY5Y2JhYzNlNGIyNjllMGQ2N2ZiZDQ0ZTc5YTQiLCJwIjoiaiJ9 ) Issue Type: Bug Affects Versions: 2.22.0 Assignee: Unassigned Components: OAuth2 Created: 06/Dec/22 6:04 PM Priority: Medium Reporter: Nils Junike ( https://osgeo-org.atlassian.net/secure/ViewProfile.jspa?accountId=5dfab695fc90030cadf0d5ef ) According to RFC 6750 ( https://www.rfc-editor.org/rfc/rfc6750 ) Bearer Tokens are allowed to contain a list of audience claims, but current validation only support a single String as "aud" value. ( https://osgeo-org.atlassian.net/browse/GEOS-10770#add-comment?atlOrigin=eyJpIjoiYzEzNDY5Y2JhYzNlNGIyNjllMGQ2N2ZiZDQ0ZTc5YTQiLCJwIjoiaiJ9 ) Add Comment ( https://osgeo-org.atlassian.net/browse/GEOS-10770#add-comment?atlOrigin=eyJpIjoiYzEzNDY5Y2JhYzNlNGIyNjllMGQ2N2ZiZDQ0ZTc5YTQiLCJwIjoiaiJ9 ) Get Jira notifications on your phone! Download the Jira Cloud app for Android ( https://play.google.com/store/apps/details?id=com.atlassian.android.jira.core&referrer=utm_source%3DNotificationLink%26utm_medium%3DEmail ) or iOS ( https://itunes.apple.com/app/apple-store/id1006972087?pt=696495&ct=EmailNotificationLink&mt=8 ) This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100211- sha1:7eca2fb )
_______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
