The default behavior of the tool should be to validate JWT tokens that are signed with RSA. The initial implementation will not validate HSxxx (HMAC shared secret) tokens or other public-key signatures besides RSA. These can be supported later.
The validation procedure will adhere to the following rules:
validate the RSA signature using the key from the JWKS endpoint
validate the iss, nbf, iat and exp claims according to recommended guidelines