Jo Evans created CXF-7693:
-----------------------------
Summary: Allow JWT audience claims validation not RFC 7519
compliant
Key: CXF-7693
URL: https://issues.apache.org/jira/browse/CXF-7693
Project: CXF
Issue Type: Improvement
Components: JAX-RS Security
Affects Versions: 3.2.4
Reporter: Jo Evans
Current JwtUtils.validateJwtAudienceRestriction implementation does not comply
with the 'aud' claim specification. An 'aud' claim is optional - the current
validation does not cater for the case when the 'aud' claim is optional i.e.
when no aud claims are present, the processing principal should be allowed to
process if it so chooses.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
