azure auth provider should validate token audience #244

Closed
weinong opened this issue Feb 6, 2020 · 0 comments · Fixed by #246


weinong commented Feb 6, 2020

The current azure auth provider does not validate that the token audience matches the client ID. ref and ref. This does not follow the recommended practice for validating AAD tokens:

To validate access tokens, your app should also validate the issuer, the audience, and the signing tokens.

To prevent breaking existing guard users, we should add an option to perform client ID validation.
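
An opt-in audience check of the kind requested above, as an added example in Go that is not part of the original issue and is not guard's own code. It assumes the token's signature and issuer were already verified; `checkAudience`, `verifyClientID`, `errAudience` and the sample claim values are hypothetical names and constructed data.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// audience decodes "aud", which RFC 7519 allows as a string or a string array.
type audience []string

func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*a = audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

var errAudience = errors.New("token audience does not match client ID")

// checkAudience (hypothetical helper) takes the JSON claims of an already
// verified token. verifyClientID is the opt-in switch; false keeps old behaviour.
func checkAudience(payload []byte, clientID string, verifyClientID bool) error {
	if !verifyClientID {
		return nil
	}
	if clientID == "" {
		return errors.New("client ID verification enabled without a client ID")
	}
	var c struct {
		Aud audience `json:"aud"`
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return fmt.Errorf("parse claims: %w", err)
	}
	for _, aud := range c.Aud {
		if aud == clientID {
			return nil
		}
	}
	return errAudience // also reached when "aud" is absent or null
}

func main() {
	// Constructed claims: a token issued for a different application.
	fmt.Println(checkAudience([]byte(`{"aud":"other-app"}`), "my-app", true))
}
```

Rejecting an empty client ID when the option is on keeps a missing or null `aud` claim from ever matching a blank configuration value.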

tamalsaha pushed a commit that referenced this issue Feb 13, 2020
Add an option in azure auth module to verify client ID which follows the best practice from Azure AD
It fixes #244 

Signed-off-by: Weinong Wang <weinong@outlook.com>
nightfury1204 pushed a commit to nightfury1204/guard that referenced this issue Jul 3, 2020
Add an option in azure auth module to verify client ID which follows the best practice from Azure AD
It fixes kubeguard#244 

Signed-off-by: Weinong Wang <weinong@outlook.com>