Open peppelinux opened 2 years ago
Following the work done in release https://github.com/italia/spid-cie-oidc-django/releases/tag/v0.8.2
we have to consider that we don't have any mechanism to check if a private_key_jwt is replayed. I think that we should do something on this side to improve the security; the lookup parameter would be jti.
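One way to implement the jti lookup proposed in this issue, shown as an added example that is not code from spid-cie-oidc-django. The class name `JtiReplayCache`, the `max_lifetime` limit and the in-process dictionary are assumptions; a multi-process deployment would need a shared store with an atomic insert instead.

```python
import threading
import time


class JtiReplayCache:
    """Remembers the jti of each accepted client assertion until it expires."""

    def __init__(self, max_lifetime=300, clock=time.time):
        self.max_lifetime = max_lifetime  # longest exp-now window accepted (assumed policy)
        self._clock = clock
        self._seen = {}  # (iss, jti) -> exp
        self._lock = threading.Lock()

    def check_and_store(self, claims):
        """Return (True, "ok") on first use, (False, reason) otherwise.

        `claims` is the payload of a private_key_jwt assertion whose
        signature, iss/sub and aud were already verified by the caller.
        """
        now = self._clock()
        jti, exp, iss = claims.get("jti"), claims.get("exp"), claims.get("iss")
        if not isinstance(jti, str) or not jti:
            return False, "missing jti"
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            return False, "missing exp"
        if exp <= now:
            return False, "expired"
        if exp - now > self.max_lifetime:
            # An unbounded exp would force the cache to keep entries forever.
            return False, "lifetime too long"
        key = (iss, jti)
        with self._lock:
            # Drop entries whose assertion can no longer be accepted anyway.
            for k in [k for k, e in self._seen.items() if e <= now]:
                del self._seen[k]
            if key in self._seen:
                return False, "replayed jti"
            self._seen[key] = exp
        return True, "ok"


if __name__ == "__main__":
    # Constructed sample claims, not taken from a real deployment.
    cache = JtiReplayCache()
    claims = {"iss": "https://rp.example", "jti": "6f1c-constructed",
              "exp": time.time() + 120}
    print(cache.check_and_store(claims))  # first presentation
    print(cache.check_and_store(claims))  # same assertion presented again
```

Keying on the issuer together with the jti keeps two clients that happen to pick the same jti from rejecting each other.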