Problem:
IdToken impersonation is possible due to no enforcement being performed on input IdToken attestations configuration endpoints.
Solution:
Make sure the object key in the input attestation for an IdToken matches the expected configuration endpoint in the rules. Additionally, perf improvements due to no longer having to cycle through all IdTokens.
Validation:
Unit tests.
Type of change:
[ ] Feature work
[x] Bug fix
[ ] Documentation
[ ] Engineering change
[ ] Test
[ ] Logging/Telemetry
Risk:
[ ] High – Errors could cause MAJOR regression of many scenarios. (Example: new large features or high level infrastructure changes)
[x] Medium – Errors could cause regression of 1 or more scenarios. (Example: somewhat complex bug fixes, small new features)
[ ] Small – No issues are expected. (Example: Very small bug fixes, string changes, or configuration settings changes)
Problem: IdToken impersonation is possible due to no enforcement being performed on input IdToken attestations configuration endpoints.
Solution: Make sure the object key in the input attestation for an IdToken matches the expected configuration endpoint in the rules. Additionally, perf improvements due to no longer having to cycle through all IdTokens.
Validation: Unit tests.
Type of change:
Risk: