Open sandhose opened 1 year ago
It seems like we're not validating anything from the JWTs sent for client auth. What should be checked is defined in RFC7523: https://www.rfc-editor.org/rfc/rfc7523#section-3
For your information, this issue has been copied over to the Element fork of matrix-authentication-service: https://github.com/element-hq/matrix-authentication-service/issues/907
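An added illustration, not code from matrix-authentication-service: the claim checks that RFC 7523 section 3 lists, for the client authentication case, applied to a client assertion whose signature is assumed to be verified already. The `Claims` struct, `Reject` enum, `SKEW` value, function names and sample values are hypothetical.

```rust
use std::collections::HashSet;

// Claims of a client assertion whose signature was already verified (hypothetical struct).
pub struct Claims {
    pub iss: Option<String>,
    pub sub: Option<String>,
    pub aud: Vec<String>,
    pub exp: Option<u64>,
    pub nbf: Option<u64>,
    pub jti: Option<String>,
}

#[derive(Debug, PartialEq)]
pub enum Reject { MissingIss, SubNotClient, WrongAudience, Expired, NotYetValid, Replayed }

const SKEW: u64 = 60; // assumed clock-skew allowance, in seconds

/// Claim checks from RFC 7523 section 3, client authentication case.
pub fn check_client_assertion(
    c: &Claims, client_id: &str, audience: &str, now: u64, seen_jti: &mut HashSet<String>,
) -> Result<(), Reject> {
    // iss is required and identifies the issuer of the JWT.
    if c.iss.as_deref().map_or(true, str::is_empty) { return Err(Reject::MissingIss); }
    // sub is required; for client authentication it must be the client_id.
    if c.sub.as_deref() != Some(client_id) { return Err(Reject::SubNotClient); }
    // aud is required and must contain this authorization server's identifier.
    if !c.aud.iter().any(|a| a.as_str() == audience) { return Err(Reject::WrongAudience); }
    // exp is required; an expired assertion is rejected (skew allowed).
    match c.exp {
        Some(exp) if exp.saturating_add(SKEW) > now => {}
        _ => return Err(Reject::Expired),
    }
    // nbf is optional; when present the assertion is not accepted before it.
    if c.nbf.map_or(false, |nbf| nbf > now.saturating_add(SKEW)) { return Err(Reject::NotYetValid); }
    // jti is optional; when present, a value already seen for this client is a replay.
    if let Some(jti) = &c.jti {
        if !seen_jti.insert(format!("{client_id}:{jti}")) { return Err(Reject::Replayed); }
    }
    Ok(())
}

// Constructed sample claims for the demo below (not real data).
pub fn sample(sub: &str, aud: &str, exp: u64) -> Claims {
    Claims { iss: Some(sub.into()), sub: Some(sub.into()), aud: vec![aud.into()],
             exp: Some(exp), nbf: None, jti: Some("constructed-jti-1".into()) }
}

fn main() {
    let (aud, mut seen) = ("https://auth.example/oauth2/token", HashSet::new());
    let c = sample("client-a", aud, 1_000_300);
    println!("{:?}", check_client_assertion(&c, "client-a", aud, 1_000_000, &mut seen)); // accepted
    println!("{:?}", check_client_assertion(&c, "client-a", aud, 1_000_000, &mut seen)); // replayed jti
}
```

In a real server the `seen_jti` set would need to be shared storage with entries kept until each assertion's `exp`.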