jaredhanson / passport-openidconnect

OpenID Connect authentication strategy for Passport and Node.js.
https://www.passportjs.org/packages/passport-openidconnect/?utm_source=github&utm_medium=referral&utm_campaign=passport-openidconnect&utm_content=about
MIT License
188 stars 173 forks

Added two further checks for the JWT and the JWS #50

Open PhilipSkinner opened 7 years ago

PhilipSkinner commented 7 years ago

Added in the recommended check for validating the time the JWT was issued against the expiry time - probably to deal with machines with different clocks.

Added in the recommended check to ensure there is an algorithm provided in the jose header, though this does not check the signing thumbprint against those that can be read from the well known endpoint.
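The two checks described in the comment above, as an added example; it is not the PR's code, whose diff does not appear on this page. `checkIdToken`, `CLOCK_SKEW_SEC`, `ALLOWED_ALGS` and the sample tokens are hypothetical, and reading the time check as "`iat` before `exp`, with a clock tolerance" is an assumption. Signature verification and matching the key against the provider's published keys are out of scope here.

```javascript
// Added example: structural checks on an ID token, run before signature verification.
const CLOCK_SKEW_SEC = 300;               // assumed tolerance for clock drift
const ALLOWED_ALGS = ['RS256', 'ES256'];  // assumed allowlist; "none" is never accepted

function b64urlDecodeJson(part) {
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  const value = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (value === null || typeof value !== 'object') throw new Error('not a JSON object');
  return value;
}

function b64urlEncodeJson(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Returns a list of problems; an empty list means both checks passed.
function checkIdToken(token, nowSec) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a three-part compact JWS'];
  let header, claims;
  try {
    header = b64urlDecodeJson(parts[0]);
    claims = b64urlDecodeJson(parts[1]);
  } catch (e) {
    return ['header or payload is not a base64url JSON object'];
  }
  const problems = [];
  // Check 1: the JOSE header must name an algorithm, and one we expect.
  if (typeof header.alg !== 'string' || header.alg === '') problems.push('missing alg');
  else if (!ALLOWED_ALGS.includes(header.alg)) problems.push('alg not allowed: ' + header.alg);
  // Check 2: issue time against expiry, tolerating skew between machines.
  if (!Number.isFinite(claims.iat) || !Number.isFinite(claims.exp)) {
    problems.push('iat and exp must be numeric');
    return problems;
  }
  if (claims.iat >= claims.exp) problems.push('iat is not before exp');
  if (claims.iat > nowSec + CLOCK_SKEW_SEC) problems.push('issued in the future');
  if (claims.exp <= nowSec - CLOCK_SKEW_SEC) problems.push('expired');
  return problems;
}

// Builds a constructed sample token; the signature part is a placeholder and is never verified.
function sampleToken(header, claims) {
  return b64urlEncodeJson(header) + '.' + b64urlEncodeJson(claims) + '.c2ln';
}
```
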

jaredhanson commented 2 years ago

This PR isn't diff'ing cleanly. I'll attempt to review this and merge by hand.