Deny Opaque Access Tokens because they are not possible to verify that they are valid. #125

dniel · 2019-09-18T15:44:29Z

After asking for help on the Auth0 community board I get the following advice.
https://community.auth0.com/t/how-to-verify-a-if-access-token/30840/2

I think its best and less error prone to just deny access to opaque tokens.
this will break backwards compatibility for some but hopefully most uses an audience to specify the API that the access token is for, which makes the access token to a verifiable jwt token.
https://community.auth0.com/t/why-is-my-access-token-not-a-jwt/31028

If you want to configure the traefik-forward-auth without using an API, create an Default API and set for the tenant to be sure that the access_token always is a verifiable jwt token

dniel added the enhancement New feature or request label Sep 18, 2019

dniel self-assigned this Sep 18, 2019

dniel added this to In progress in v2 Sep 18, 2019

dniel moved this from In progress to Testing in v2 Sep 18, 2019

dniel moved this from Testing to Done in v2 Jan 29, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deny Opaque Access Tokens because they are not possible to verify that they are valid. #125

Deny Opaque Access Tokens because they are not possible to verify that they are valid. #125

dniel commented Sep 18, 2019

Deny Opaque Access Tokens because they are not possible to verify that they are valid. #125

Deny Opaque Access Tokens because they are not possible to verify that they are valid. #125

Comments

dniel commented Sep 18, 2019