Our JWT validation in ironoxide is intended to be a simple sanity check before sending to the server (which does actual validation). We were previously not allowing both http://ironcore/sid and sid claims to be present as serde would attempt to put them both in the sid field. The claims and their prefixed versions are now all Options, and we validate that at least one of each is present.
Our JWT validation in ironoxide is intended to be a simple sanity check before sending to the server (which does actual validation). We were previously not allowing both
http://ironcore/sid
andsid
claims to be present as serde would attempt to put them both in thesid
field. The claims and their prefixed versions are now all Options, and we validate that at least one of each is present.