-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
jti requirements for replay prevention #32
Comments
The time that the token is valid needs to be scoped as well to limit the replay cache. Perhaps a recommendation on the limit, having the limit set by the AS in metadata and the AS/resources having an error code for rejection should the exp be too far in the future? |
BTW private_key_jwt and client_secret_jwt client assertions could also use such recommendation / negotiation on the jti/exp cache limits |
private_key_jwt & client_secret_jwt do have the following in bullet 4 of https://tools.ietf.org/html/rfc7523#section-3
which gets the idea across but is light on specifics. |
Agree, incrementing is error-prone. There is no harm in just using a fresh random value each time. I am wondering if we need an |
|
We’d have clock skew issues either way. I believe kerberos just has an ‘issued at’ equivalent, rather than defining a range.
I’d be in favor of just ‘iat’, as long as there’s enough information for a client to diagnose problems. I suppose in the end if the client suspects a clock drift, they can just offset/lie in their iat/exp keys anyway.
…-DW
On Apr 11, 2019, at 2:41 AM, Filip Skokan ***@***.***> wrote:
iat would have to be validated NOT to be in the future on the AS/RS and we'd get into clock skew issues. exp is in my opinion better so long as the recipient can reject it if it's too far in the future in order to maintain the replay cache.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub <#32 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAARpd9mMvWLIkLYS7xMYHppYu-BzTvNks5vfvVHgaJpZM4ci-5Y>.
|
It is more intuitive to set |
to me, it feels more intuitive to use exp since the client controls the expiration that way. iat moves that to the AS/RS, which feels contra-intuitive in this particular use case. |
I'll assume the conversation is discussing a difference between a To make a case against
On the flip side, sending two values allows the client:
My personal opinion? just |
I support |
https://tools.ietf.org/html/draft-fett-oauth-dpop-01#section-11.2 has
However, the "(incrementing or ...)" part might be problematic and lead to collisions and false positives on replay checks if
jti
alone is what is stored and checked server side when multiple clients (even instances of clients) are incrementing from the same or similar values forjit
. The server would need to trackjti
values qualified by the public key or something. And I'd think at that point it'd be easier to just say to track the whole JWT (or a hash thereof) for replay prevention.Or drop the "incrementing" part for
jti
and also have a minimum suggested or required entropy for unlikelihood of collisions globally. Probably 128 bits - i.e. 16 secure pseudorandom bytes that are base64url encoded gives something like"jti": "_ltc11acc9_ESC4bwc3u-8"
I guess the https://tools.ietf.org/html/rfc7519#section-4.1.7 definition of
jti
really kind of says that already. But I think people will see "incrementing" and potentially get it wrong. So some guidance might be useful. At least removing ""incrementing".The text was updated successfully, but these errors were encountered: