-
JWT means that users cannot invalidate tokens at will. This means that if someone were to compromise their account, their only option would be to allow the token to expire.
-
**Describe the enhancement:**
We are going to implement support for authentication based on JWT in Fleet Server. Elastic Agent should prefer the use of JWT when available.
**Describe a specific …
-
Some applications may want to authorize user input using multiple bearer tokens, for example an identity and an MAA token.
While there is no standard way to do that, we could support a slightly ext…
-
### Description
The x5t value generated by the APIM resident key manager in the JWT token due to an additional hexify step[1]. This hexify process is not in line with the specification[2].
Please …
-
Hello! Is there any way to change the error messages when there is no header and when the token is not valid? Currently the messages are the following
```js
{
"message": "authorization header…
```
-
We did some research into the best approach for handling logouts securely. Ticket [#43](https://github.com/CDLUC3/dmsp_backend_prototype/issues/43). Please refer to the comments in that ticket for …
-
# :bug: Bug report
## Description
Unsigned/fake-signed JWT tokens work for the purpose of solving the JWT challenges, but Juice Shop responds with `401 Unauthorized {"status":"error","messag…
-
# Improve documentation
## Describe the problem
I've been struggling to figure out how to rotate the anon and service API tokens. I see that there's a `JWTSecret` in Secrets Manager that the [`J…
-
For updated situation, jump here: https://github.com/OWASP/ASVS/issues/2072#issuecomment-2351529509
---
For V1 cleanup from implementation requirements (#1063) I propose to move those requiremen…