Add support for specific JOSE header types #161
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ramosbugs
reviewed
Apr 17, 2024
| @@ -118,6 +118,7 @@ pub(crate) struct JwtClaimsVerifier<'a, K> | |||
| where | |||
| K: JsonWebKey, | |||
| { | |||
| allowed_jose_types: Option<Vec<JsonWebTokenType>>, | |||
There was a problem hiding this comment.
based on my comment in #160, let's just change this to is_typ_check_enabled: bool
lmm-git
force-pushed
the
feature/specific-jose-header-verifiation
branch
from
a3ff11c
to
64a6735
Compare
lmm-git
force-pushed
the
feature/specific-jose-header-verifiation
branch
2 times, most recently
from
945841f
to
00aec27
Compare
Check https://www.rfc-editor.org/rfc/rfc7519#section-5.1 and https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.9 for more information on when the typ header should be set and to which value. This commit allows to skip the check altogether as warranted by RFC 7515 the use of the header is optional but if set, according to RFC 7519, it should be set to "JWT". For other token types this is different (see RFC 9068).
lmm-git
force-pushed
the
feature/specific-jose-header-verifiation
branch
from
00aec27
to
3813558
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Check https://www.rfc-editor.org/rfc/rfc7519#section-5.1 and https://datatracker.ietf.org/doc/html/rfc7515#section-4.1.9 for more information on when the typ header should be set and to which value.
This commit allows to skip the check altogether as warranted by RFC 7515 the use of the header is optional but if set, according to RFC 7519, it should be set to "JWT". For other token types this is different (see RFC 9068).
Resolves #160