[
https://issues.apache.org/jira/browse/CXF-7696?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16454349#comment-16454349
]
ASF GitHub Bot commented on CXF-7696:
-------------------------------------
coheigea commented on issue #400: [CXF-7696] Validate audience restriction
using wildcard
URL: https://github.com/apache/cxf/pull/400#issuecomment-384671739
The patch doesn't apply with the latest master code. I think it would be
better to introduce a new configuration variable to support wildcard matching,
rather than re-using JwtConstants.EXPECTED_CLAIM_AUDIENCE.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
> Allow JWT aud claim to accept wildcards / nested resources
> ----------------------------------------------------------
>
> Key: CXF-7696
> URL: https://issues.apache.org/jira/browse/CXF-7696
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS Security
> Affects Versions: 3.2.4
> Reporter: Jo Evans
> Priority: Major
> Fix For: 3.2.5
>
>
> Allowing explicit audiences vs wildcards i.e. allowing a resource to also
> include all its sub-resources - this would reduce the token size which does
> not scale well if the token has to contain multiple aud claims
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
