Closed wolf4ood closed 4 months ago
Currently in AccessTokenVerifierImpl we verify that si_token.sub == access_token.sub but we only issue a warning.
AccessTokenVerifierImpl
si_token.sub
access_token.sub
We should return a failure if a proof of possession check is failing
Feature Request
Currently in
AccessTokenVerifierImplwe verify thatsi_token.sub==access_token.subbut we only issue a warning.We should return a failure if a proof of possession check is failing