You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This issue was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link.
In order to avoid MITM attacks, the http client loading the keys should support certificate pinning and yield a warning if the feature is not defined.
For example, if using Auth0 jwks endpoint, the client should be pinned to the AWS certificate.
The text was updated successfully, but these errors were encountered: