Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWK client with certificate pinning #3

Closed
kpacha opened this issue Jul 30, 2018 · 2 comments
Closed

JWK client with certificate pinning #3

kpacha opened this issue Jul 30, 2018 · 2 comments
Labels
locked

Comments

@kpacha
Copy link
Member

kpacha commented Jul 30, 2018

In order to avoid MITM attacks, the http client loading the keys should support certificate pinning and yield a warning if the feature is not defined.

For example, if using Auth0 jwks endpoint, the client should be pinned to the AWS certificate.
@kpacha
Copy link
Member Author

kpacha commented Jul 30, 2018

I've created this PR in order to get the required changes in the actual JWK client implementation https://github.com/auth0-community/go-auth0/pull/38

@kpacha kpacha mentioned this issue Aug 17, 2018
Merged
@kpacha kpacha closed this as completed Sep 1, 2018
@github-actions
Copy link

github-actions bot commented Apr 7, 2022

This issue was marked as resolved a long time ago and now has been automatically locked as there has not been any recent activity after it. You can still open a new issue and reference this link.

@github-actions github-actions bot added the locked label Apr 7, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Apr 7, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
locked
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kpacha