New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PR for Issue 12409: Add config attributes for OAuth introspection claim requirements #12745
Conversation
#build |
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_WXCPALTEEeqI3q2xeI2nKA Target locations of links might be accessible only to IBM employees. |
8d31083
to
78b64d6
Compare
Your Open Liberty build results are ready for viewing.
|
The build ayoho-12745-20200622-2119 |
78b64d6
to
8381b10
Compare
#run-libby-bot |
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_L4NU4LViEeqI3q2xeI2nKA Target locations of links might be accessible only to IBM employees. |
Code analysis and actionsDO NOT DELETE THIS COMMENT.
|
Your Open Liberty build results are ready for viewing.
|
The build ayoho-12745-20200623-1608 |
Resolves #12409
This PR adds two new boolean attributes to the OpenID Connect client configuration:
requireIatClaimForIntrospection
requireExpClaimForIntrospection
The default value for each is
true
, meaning the existing behavior is preserved where an error is returned if theexp
oriat
claims are missing from the token introspection response.When these attributes are set to
false
, the respective claims are not required to be in the introspection response. Nonetheless, if the claim is present in the response, it will still be checked to ensure it is valid (e.g. we'll validate theexp
claim to make sure the token isn't expired).