Please sign in to comment.
[SECURITY-208] Validate the hd claim
If the user configures a "Google Apps Domain", then the hd claim of the JSON Web token must be validated as matching that configured domain. https://developers.google.com/identity/protocols/OpenIDConnect?hl=en#hd-param
- Loading branch information...
Showing with 8 additions and 1 deletion.