From 4e89ae0fdcad3131863fc829336541610ba60228 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 22 Feb 2022 14:43:06 +0100 Subject: [PATCH] spec!: force the publisher JWT to contain the allowed topics --- spec/mercure.md | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/spec/mercure.md b/spec/mercure.md index cd1197da..a7fe927c 100644 --- a/spec/mercure.md +++ b/spec/mercure.md @@ -386,12 +386,7 @@ To be allowed to publish an update, the JWS presented by the publisher **MUST** called `mercure`, and this claim **MUST** contain a `publish` key. `mercure.publish` contains an array of topic selectors. See (#topic-selectors). -If `mercure.publish`: - - * is not defined, then the publisher **MUST NOT** be authorized to dispatch any update - - * contains an empty array, the publisher **MUST NOT** be authorized to publish private updates, - but can publish public updates for all topics. +If `mercure.publish` is not defined, then the publisher **MUST NOT** be authorized to dispatch any update Otherwise, the hub **MUST** check that every topics of the update to dispatch matches at least one of the topic selectors contained in `mercure.publish`.