-
### Description
The context is IAM integration and validating user tokens (JWT) provided by the identity provider. When a JWT is returned, it may be signed (depending on the identity provider). T…
-
### Is this the right place to submit this?
- [X] This is not a security vulnerability or a crashing bug
- [X] This is not a question about how to use Istio
### Bug Description
We use an applicatio…
-
Hi,
Are there plans to support JWKS as signing and validation method?
right now it is only possible to have a shared secret but that is not optimal.
-
### Is this the right place to submit this?
- [X] This is not a security vulnerability or a crashing bug
- [X] This is not a question about how to use Istio
### Bug Description
I updated ist…
-
All keys available for encryption via SDK clients should be exposed with a JWKS endpoint.
Each JWK should have a property that can be used to match an attribute to a key.
relates to:
- https://…
-
### Description
We had a small surprise when doing tests on latest master in regards to
token authentication. When trying out the code at commit 2314320a70a88dd1527b37d058066b5e7cad8afa
the service…
-
**Describe the bug**
The default (and only) JWK set builder considers all "keys" members as secret, even if the set contains only public keys.
In turn, this results in a failure to serialize t…
-
To handle key rotation, from what I understand it's common to have a [JSON Web Key Set](https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-key-set-properties) (JWKS) file ([related standard…
-
RP Entity Configuration + Subordinate Statements adding authorized data in the request
````
{
"typ": "entity-statement+jwt",
"alg": "ES256",
"kid": "2HnoFS3YnC9tjiCaivhWnXAdNuA",
}
.
{…
-
**Is your feature request related to a problem? Please describe.**
When building the resource server configuration, there is no option to provide the JWK cache which can be passed to the NimbusJwtDec…