Closed
Description
We can authorize by any user. For that we can use jwt token with empty shared_secret.
It's happen because
influxdb/services/httpd/handler.go
Lines 1585 to 1602 in e2af85d
In
Authentication and authorization in InfluxDB document we not mention anything about shared-secret variable.
Also sems like we also not check exp state of token. And once generated token valid forewer.