You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Current azure auth provider does not validate token audience matching the client ID. ref and ref. This is not following the recommended practice in validating AAD token:
To validate access tokens, your app should also validate the issuer, the audience, and the signing tokens.
To prevent from breaking existing guard user, we should add an option to perform client ID validation
The text was updated successfully, but these errors were encountered:
Add an option in azure auth module to verify client ID which follows the best practice from Azure AD
It fixes#244
Signed-off-by: Weinong Wang <weinong@outlook.com>
Add an option in azure auth module to verify client ID which follows the best practice from Azure AD
It fixeskubeguard#244
Signed-off-by: Weinong Wang <weinong@outlook.com>
Current azure auth provider does not validate token audience matching the client ID. ref and ref. This is not following the recommended practice in validating AAD token:
To prevent from breaking existing guard user, we should add an option to perform client ID validation
The text was updated successfully, but these errors were encountered: