Closed issmith1 closed 5 years ago
'authorities' has been removed from token (Dec 13) but needs more work.
As per https://www.owasp.org/index.php/REST_Security_Cheat_Sheet, "Some claims have been standardised and should be present in JWT", e.g., iss, aud, exp and nbf.
As per Slack discussion, Joey (UTM Chief Engineer) [Dec 13th at 11:14 AM]: we need to remove expires_in from yaml. We need to remove authorities from token. There are probably 2 or three other changes needed one way or the other.
@issmith1 I think we are good on this one, right? Can close?
Publication of the UAS Service Supplier Framework for Authentication and Authorization will lock down the status of the JWT claims.
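The claim requirements discussed in this issue (iss, aud, exp and nbf present, authorities absent) can be checked with a small claim lint. This is an added example, not code from this project; the helper names, the sample issuer/audience values and the sample tokens are constructed, and the lint does not verify the signature.

```python
import base64
import json
import time

REQUIRED = ("iss", "aud", "exp", "nbf")  # claims quoted in the issue from the OWASP cheat sheet
REMOVED = ("authorities",)               # claim the issue says was removed from the token


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample(claims: dict) -> str:
    # Constructed sample token; the third segment is a placeholder, not a real signature.
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join((header, _b64url(json.dumps(claims).encode()), _b64url(b"placeholder")))


def lint_claims(token: str, now=None) -> list:
    """Lint a compact JWT's payload. The signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a compact JWS (expected 3 segments)"]
    try:
        seg = parts[1]  # base64url without padding; restore it before decoding
        claims = json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))
    except ValueError:
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    now = time.time() if now is None else now
    findings = [f"missing claim: {c}" for c in REQUIRED if c not in claims]
    findings += [f"unexpected claim: {c}" for c in REMOVED if c in claims]
    times = {}
    for name in ("exp", "nbf"):
        value = claims.get(name)
        if name in claims and (isinstance(value, bool) or not isinstance(value, (int, float))):
            findings.append(f"{name} is not a NumericDate")
        elif name in claims:
            times[name] = value
    if "exp" in times and now >= times["exp"]:
        findings.append("token expired")
    if "nbf" in times and now < times["nbf"]:
        findings.append("token not yet valid")
    return findings


GOOD = make_sample({"iss": "https://auth.example", "aud": "uss.example", "nbf": 1000, "exp": 2000})
BAD = make_sample({"iss": "https://auth.example", "authorities": ["admin"], "exp": 2000})
```

A lint like this fits in CI against tokens issued by a test authorization server; a resource server still has to verify the signature and match iss and aud against its own expected values.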