I'll give the JWT module a peek. Lack of caching is maybe an issue (but can be
'farmed out' to something else for caching purposes).
Perhaps this would be better considered as an error with the existing
`secsipid_check()` function in that it will only validate `shaken` passport
types, and the ask should be simply to eliminate this check.
> _`secsipid_check(sIdentity, keyPath)`_
>
>Check the validity of the "sIdentity" parameter using the keys stored in the
>file specified by "keyPath". If the keyPath parameter is empty, the function
>is downloading the key using the URL from "info" parameter of the sIdentity,
>using the value of "timeout" parameter to limit the download time. The
>validity of the JWT in the sIdentity value is also checked against the
>"expire" parameter.
The function notes, "Further checks can be done with config operations,
decoding the JWT header and payload using {s.select} and {s.decode.base64t}
transformations together with jansson module.", which is a very clean waay to
handle this, and the function here should just be less opinionated on what is
and isn't a valid Identity header?
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3784#issuecomment-1988777507
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3784/1988777...@github.com>
_______________________________________________
Kamailio (SER) - Development Mailing List
To unsubscribe send an email to sr-dev-le...@lists.kamailio.org