[policy][jwt] Algorithm not compatible when moving from gravitee 1.20 to 1.25 #2294

Closed
brasseld opened this issue May 24, 2019 · 0 comments

Comments

@brasseld
Member

commented May 24, 2019

In 1.20, the user did not have to set the algorithm, and it was up to the policy to get the algorithm from the JWT headers.

As of 1.25, it is required to set the algorithm as part of the policy configuration. This is mandatory because if we rely on the algorithm from the JWT header, someone can set `alg: none` and the token will no longer be validated.

@brasseld brasseld added this to the APIM - 1.25.5 milestone May 24, 2019

@brasseld brasseld self-assigned this May 24, 2019

brasseld added a commit to gravitee-io/gravitee-policy-jwt that referenced this issue May 24, 2019

fix(jwt): The signature algorithm may not be defined for a policy configuration from previous version of Gravitee.io

In that case, we rely on the algorithm from the JWT headers.

closes gravitee-io/issues#2294

brasseld added a commit to gravitee-io/gravitee-policy-jwt that referenced this issue May 24, 2019

fix(jwt): The signature algorithm may not be defined for a policy configuration from previous version of Gravitee.io

In that case, we rely on the algorithm from the JWT headers.

closes gravitee-io/issues#2294

tcompiegne added a commit to gravitee-io/gravitee-policy-jwt that referenced this issue May 28, 2019

fix(jwt): The signature algorithm may not be defined for a policy configuration from previous version of Gravitee.io

In that case, we rely on the algorithm from the JWT headers.

closes gravitee-io/issues#2294

@aelamrani aelamrani closed this May 28, 2019
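
The risk described in the issue, as an added example that is not part of the issue or of gravitee-policy-jwt: a verifier that lets the token header choose the algorithm, next to one that takes the algorithm from configuration and requires the header to match. Function names, the key and both sample tokens are constructed for illustration, and only HS256 is implemented.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256(signing_input: str, key: bytes) -> bytes:
    digest = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return b64url(digest).encode()

def build_token(header: dict, claims: dict, key: bytes) -> str:
    """Build a constructed sample token; non-HS256 tokens get an empty signature."""
    head = b64url(json.dumps(header).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hs256(head + "." + body, key).decode() if header.get("alg") == "HS256" else ""
    return f"{head}.{body}.{sig}"

def verify_header_driven(token: str, key: bytes) -> bool:
    """Hypothetical verifier in which the token's own header selects the algorithm."""
    head, body, sig = token.split(".")
    alg = json.loads(b64url_decode(head)).get("alg")
    if alg == "none":
        return True  # no signature to check, so any claims are accepted
    if alg == "HS256":
        return hmac.compare_digest(sig.encode(), hs256(head + "." + body, key))
    return False

def verify_pinned(token: str, key: bytes, configured_alg: str = "HS256") -> bool:
    """The algorithm comes from configuration; a header that disagrees is rejected."""
    if configured_alg != "HS256":
        raise ValueError("this sketch only implements HS256")
    try:
        head, body, sig = token.split(".")
        alg = json.loads(b64url_decode(head)).get("alg")
    except (ValueError, AttributeError):  # segment count, base64, JSON, non-object header
        return False
    if alg != configured_alg:
        return False
    return hmac.compare_digest(sig.encode(), hs256(head + "." + body, key))

# Constructed sample inputs.
KEY = b"constructed-demo-key"
SIGNED = build_token({"alg": "HS256", "typ": "JWT"}, {"sub": "alice"}, KEY)
UNSIGNED = build_token({"alg": "none", "typ": "JWT"}, {"sub": "admin"}, KEY)
```
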
