Benoit Tellier created JAMES-3423:
-------------------------------------
Summary: WebAdmin should have its own JWT public key
Key: JAMES-3423
URL: https://issues.apache.org/jira/browse/JAMES-3423
Project: James Server
Issue Type: Improvement
Components: webadmin
Reporter: Benoit Tellier
Fix For: 3.6.0
Today, webadmin relies on JWT configuration for the JMAP protocol.
This brings concerns, as the tenants are distinct (users vs admins), and the
token issuers are likely distinct.
The compromise of a webmail service would today easily grant access to the
webadmin APIs.
As such it is desirable to be able to specify distinct keys for both protocols.
In order to avoid breaking changes, if the webadmin JWT public key is
unspecified, we should fall back to the JMAP one.
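
The key separation and fallback requested in this issue, as an added example that is not part of the original issue and is not James code. The class, `resolveWebAdminKey`, the minimal RS256 helpers and the generated key pairs are all assumptions made for illustration; it uses only the JDK and checks signatures, not claims.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.Optional;

public class WebAdminJwtKeySeparation {
    // Hypothetical resolver: use the WebAdmin key when configured, else fall back to the JMAP key.
    static PublicKey resolveWebAdminKey(Optional<PublicKey> webAdminKey, PublicKey jmapKey) {
        return webAdminKey.orElse(jmapKey);
    }

    static String b64(byte[] bytes) {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
    }

    // Build a compact RS256 JWT (header.payload.signature) for a constructed subject.
    static String sign(PrivateKey key, String subject) throws GeneralSecurityException {
        String header = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String payload = b64(("{\"sub\":\"" + subject + "\"}").getBytes(StandardCharsets.UTF_8));
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update((header + "." + payload).getBytes(StandardCharsets.US_ASCII));
        return header + "." + payload + "." + b64(signer.sign());
    }

    // Signature check only; a real verifier also pins the algorithm and validates claims.
    static boolean verify(PublicKey key, String token) throws GeneralSecurityException {
        String[] parts = token.split("\\.");
        if (parts.length != 3) return false;
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(key);
        verifier.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
        return verifier.verify(Base64.getUrlDecoder().decode(parts[2]));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair jmapIssuer = gen.generateKeyPair();   // constructed: webmail/JMAP token issuer
        KeyPair adminIssuer = gen.generateKeyPair();  // constructed: admin token issuer
        String jmapToken = sign(jmapIssuer.getPrivate(), "user@example.org");
        String adminToken = sign(adminIssuer.getPrivate(), "admin");

        PublicKey fallback = resolveWebAdminKey(Optional.empty(), jmapIssuer.getPublic());
        PublicKey dedicated = resolveWebAdminKey(Optional.of(adminIssuer.getPublic()), jmapIssuer.getPublic());
        System.out.println("fallback accepts JMAP token:   " + verify(fallback, jmapToken));
        System.out.println("dedicated accepts JMAP token:  " + verify(dedicated, jmapToken));
        System.out.println("dedicated accepts admin token: " + verify(dedicated, adminToken));
    }
}
```

With the fallback in effect, the WebAdmin verifier trusts whatever the JMAP issuer signs; only a dedicated key makes it reject the JMAP-issued token while still accepting the admin-issued one.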