From 770320731735d906c6ba1b15dbc14f3b6ef8912c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Dunglas?= Date: Tue, 22 Feb 2022 14:43:06 +0100 Subject: [PATCH] spec!: force the publisher JWT to contain the allowed topics --- spec/mercure.md | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/spec/mercure.md b/spec/mercure.md index cd1197da..1ffa6b9b 100644 --- a/spec/mercure.md +++ b/spec/mercure.md @@ -386,13 +386,8 @@ To be allowed to publish an update, the JWS presented by the publisher **MUST** called `mercure`, and this claim **MUST** contain a `publish` key. `mercure.publish` contains an array of topic selectors. See (#topic-selectors). -If `mercure.publish`: - - * is not defined, then the publisher **MUST NOT** be authorized to dispatch any update - - * contains an empty array, the publisher **MUST NOT** be authorized to publish private updates, - but can publish public updates for all topics. - +If `mercure.publish` is not defined, then the publisher **MUST NOT** be authorized +to dispatch any update. Otherwise, the hub **MUST** check that every topics of the update to dispatch matches at least one of the topic selectors contained in `mercure.publish`.