Open clementdenis opened 1 month ago
This issue has been marked stale because there has been no activity within the last 14 days. To keep this issue active, remove the stale
label.
This issue has been marked stale because there has been no activity within the last 14 days. To keep this issue active, remove the stale
label.
Describe the bug?
The ClientAssertionClaims struct in client.mustache has an ID field (jti claim)
https://github.com/okta/okta-sdk-golang/blob/097ef410838011d464266aa06e5fb720c9c7d6c2/.generator/templates/client.mustache#L1206-L1213
but this is not used in createClientAssertion
https://github.com/okta/okta-sdk-golang/blob/097ef410838011d464266aa06e5fb720c9c7d6c2/.generator/templates/client.mustache#L349-L359
What is expected to happen?
The client assertion token should have a jti claim to prevent reuse.
What is the actual behavior?
The client assertion token can be used multiple times.
Reproduction Steps?
N/A
Additional Information?
The other SDKs add a jti claim:
Golang Version
Any
SDK Version
Latest
OS version
No response