Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jti replay protection should be optional #103

Open
philhug opened this issue Feb 10, 2017 · 2 comments · May be fixed by #119
Open

jti replay protection should be optional #103

philhug opened this issue Feb 10, 2017 · 2 comments · May be fixed by #119

Comments

@philhug
Copy link
Contributor

philhug commented Feb 10, 2017

When using jwtproxy as a generic oauth2-proxy which verifies access tokens, a client will reuse the same access token it received from the IdP as long as it remains valid.

I can prepare a PR if this sounds reasonable to you.
@mshaposhnik
Copy link

A strong +1 for that...

@mikelduke mikelduke linked a pull request Jun 17, 2019 that will close this issue
Open
@mikelduke
Copy link
Contributor

I made a new storage type for none to disable the jti nonce storage and always pass verification.

I submitted a PR with this which will allow for jwt reuse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

NonceStorage: Optional JTI Validation mikelduke/jwtproxy
3 participants
@philhug @mshaposhnik @mikelduke