emqx / emqx-auth-jwt

EMQX JWT Authentication Plugin
https://www.emqx.com
Apache License 2.0

Option to disable signature-type "none" #127

Open milnet2 opened 4 years ago

milnet2 commented 4 years ago

It would be nice to have a configuration option to disallow certain signature-types for JWT tokens or at least the "none"-type.

It would be nice if that worked "out of the box" at some point. Thank you for your consideration.

HJianBo commented 4 years ago

It seems to me that all of these configurations should be necessary to get it right. What trouble has it caused? Can you give a more detailed example?

milnet2 commented 4 years ago

Thank you for picking this up.

In our case the none-type is disallowed for legal reasons: we are using emqx as a broker for a medical application. A regulatory document explicitly states that this signature-type may not pass validation of a token.

Other than this, emqx was a breeze to set up and we are really happy with it.
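
Added example, not part of the issue thread and not code from emqx-auth-jwt: a minimal sketch of the behaviour requested above, where the verifier checks the token's `alg` header against an explicit allow-list before any signature check, so "none" in any letter case never passes validation. The `ALLOWED_ALGS` setting, the function names and the sample tokens are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: this deployment accepts HS256 only; every other "alg" is refused.
ALLOWED_ALGS = {"HS256": hashlib.sha256}


class TokenRejected(Exception):
    """Raised for any token that must not pass validation."""


def _b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_token(header, payload, secret=None):
    """Build a constructed sample token; secret=None leaves the signature empty."""
    signing_input = ".".join(
        _b64url_encode(json.dumps(p).encode()) for p in (header, payload))
    sig = b"" if secret is None else hmac.new(
        secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify(token, secret):
    """Return the claims of a validly signed token, else raise TokenRejected."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("expected three segments")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        supplied = _b64url_decode(sig_b64)
    except ValueError:  # covers base64 and JSON decoding errors
        raise TokenRejected("malformed token")
    alg = header.get("alg") if isinstance(header, dict) else None
    # Exact-match allow-list: "none", "None", "NONE" and unknown names stop here,
    # before the signature is looked at.
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS:
        raise TokenRejected("algorithm not allowed: %r" % (alg,))
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode(),
                        ALLOWED_ALGS[alg]).digest()
    if not hmac.compare_digest(expected, supplied):
        raise TokenRejected("signature mismatch")
    return json.loads(_b64url_decode(payload_b64))
```

Because the allow-list is keyed on the exact algorithm name, a deployment that later enables another algorithm adds one entry rather than adding a special case for "none".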