search

IronCoreLabs / ironoxide

Rust SDK for IronCore Privacy Platform
https://docs.rs/ironoxide
GNU Affero General Public License v3.0
10 stars 3 forks source link

JWT validation doesn't allow conflicting prefixed and non-prefixed claims #280

Closed giarc3 closed 2 years ago

giarc3 commented 2 years ago

We currently use #[serde(alias = "...")] to allow claims like sid or http://ironcore/sid. If both are present, however, this will fail as serde sees them as duplicate keys.

We need to allow for both keys to be present during validation.

digitalconnectionsau commented 2 years ago

Hi, Thank you for looking at this. If you need anything let me know.

skeet70 commented 1 year ago

This issue should've been fixed by IronCoreLabs/ironoxide#281