You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Although documented, even experienced users get confused by the default constraints (aud in particular) provided by io.jwt.decode_verify. I think we might want to consider recommending verifying and decoding as a two-step process, i.e.
I generally agree, but we should also give examples of checking the nbf/exp, aud etc criteria from rego, then, maybe? Or at least call out the difference, and that you can't replace snippet 1 with snippet 2 and expect everything to be the same.
Although documented, even experienced users get confused by the default constraints (
aud
in particular) provided byio.jwt.decode_verify
. I think we might want to consider recommending verifying and decoding as a two-step process, i.e.Avoid
Prefer
The text was updated successfully, but these errors were encountered: