The fact that in the tests JWTs are being recognized as valid when I run these tests today makes me believe that the validity of the cert is not checked (the cert is invalid because it is not 2016 any more).
The integrations for koa, express, etc. in this package should check the validity of the cert provided by the JWKSClient, at least the lifetime and the hostname.
The variable `publicKey` should be renamed to `certificate` because it is a cert, not a public key, which is quite confusing.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you have not received a response from our team (apologies for the delay) and this is still a blocker, please reply with additional information or just a ping. Thank you for your contribution! 🙇‍♂️
I was looking at the tests and checked the mock data. More specifically the certificate used for mocks in the tests:
node-jwks-rsa/tests/mocks/keys.js
Lines 1 to 17 in dba6315
It has the following props:
And is used for example here:
node-jwks-rsa/tests/koa.tests.js
Lines 172 to 196 in dba6315
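Added example, not part of the issue or of node-jwks-rsa: a sketch of the lifetime and hostname check the issue asks for, written against any object shaped like Node's `crypto.X509Certificate`. The function names, `sampleCert` and the `issuer.example` host are assumptions made for illustration.

```javascript
// Added example. Works on any object shaped like Node's crypto.X509Certificate:
// validFrom / validTo strings and a checkHost(name) method.

// Parse one JWKS "x5c" entry (base64-encoded DER) into an X509Certificate.
function certFromX5c(x5cEntry) {
  const { X509Certificate } = require('node:crypto');
  return new X509Certificate(Buffer.from(x5cEntry, 'base64'));
}

// Returns { ok, reasons }. `now` is injectable so the check can be tested.
function checkSigningCert(cert, { now = new Date(), expectedHost } = {}) {
  const reasons = [];
  const notBefore = Date.parse(cert.validFrom);
  const notAfter = Date.parse(cert.validTo);
  if (Number.isNaN(notBefore) || Number.isNaN(notAfter)) {
    reasons.push('unparseable validity period'); // fail closed
  } else {
    if (now.getTime() < notBefore) reasons.push('not yet valid');
    if (now.getTime() > notAfter) reasons.push('expired');
  }
  // checkHost returns the matching subject name, or undefined when none matches.
  if (expectedHost !== undefined && cert.checkHost(expectedHost) === undefined) {
    reasons.push('hostname mismatch');
  }
  return { ok: reasons.length === 0, reasons };
}

// Constructed stand-in for a certificate that was valid during 2016 only.
const sampleCert = {
  validFrom: 'Jan 10 00:00:00 2016 GMT',
  validTo: 'Dec 31 23:59:59 2016 GMT',
  checkHost: (name) => (name === 'issuer.example' ? 'issuer.example' : undefined),
};

// Runs the check at a date inside the validity window, at the current date,
// and against a host the certificate does not cover.
function demo() {
  const mid2016 = new Date('2016-06-01T00:00:00Z');
  return {
    in2016: checkSigningCert(sampleCert, { now: mid2016, expectedHost: 'issuer.example' }),
    today: checkSigningCert(sampleCert, { expectedHost: 'issuer.example' }),
    wrongHost: checkSigningCert(sampleCert, { now: mid2016, expectedHost: 'other.example' }),
  };
}
```

A middleware integration would run a check like this on the certificate returned for the token's `kid` and reject the token when `ok` is false, before using the certificate's public key to verify the signature.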