Closed macdonst closed 4 years ago
Thanks @macdonst!
@Aaronius np, I did a scan of what repos were using the package so I could let folks know about the change. You may want to setup https://greenkeeper.io/ on the repo which will automatically scan for new versions of dependencies and send you PR's when things change. It's installed for all of the adobe
org projects.
Description
I recently released @adobe/jwt-auth 0.3.0 which expires the temporary JWT it creates after 5 minutes. This is a security improvement I hope everyone move to.
Related Issue
https://github.com/adobe/jwt-auth/issues/23
Motivation and Context
The JWT token was valid for 24 hours but since we create the bearer token shortly after creating the JWT and the JWT is never re-used it should expire quickly.
How Has This Been Tested?
Generated an auth token, grabbed the JWT and tried to use it after 5 minutes elapsed time. It was rejected.
Screenshots (if appropriate):
Types of changes
Checklist: