After discussing #566 it was decided to introduce an `enforce` dpop setting. This setting will have a default value of `false`. In this scenario our middleware will only validate dpop if the following conditions are detected:
- dpop header is set on the request
- The access token contains the `cnf` claim

On the KAS side it will only validate the signed request body if the `dpopJWK` is set as a context value or dpop is enforced.
In either scenario, when dpop is enforced we must fail if any requirements are missing.
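
The decision rules described above, as an added Go sketch that is not the project's own code. The function names, the claims map shape and the error value are hypothetical, and it assumes both conditions (header and `cnf` claim) must be present before the middleware validates.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// ErrDPoPRequired is returned when enforcement is on and a requirement is missing.
var ErrDPoPRequired = errors.New("dpop enforced: requirement missing")

// ShouldValidateDPoP reports whether the middleware must validate the proof.
// claims is the already-verified access-token claim set (assumed shape).
func ShouldValidateDPoP(enforce bool, r *http.Request, claims map[string]any) (bool, error) {
	hasProof := r.Header.Get("DPoP") != ""
	_, hasCnf := claims["cnf"]
	switch {
	case hasProof && hasCnf:
		return true, nil // both signals present: validate in either mode
	case enforce:
		return false, ErrDPoPRequired // enforced: fail closed
	default:
		return false, nil // not enforced: no DPoP validation is run
	}
}

// ShouldVerifyBody is the KAS-side rule: verify the signed request body when
// the DPoP JWK was placed in the context or enforcement is on.
func ShouldVerifyBody(enforce, jwkInContext bool) (bool, error) {
	if enforce && !jwkInContext {
		return false, ErrDPoPRequired // no key to verify against: fail closed
	}
	return jwkInContext, nil
}

func main() {
	// Constructed sample: a request without a DPoP header and an unbound token.
	r, _ := http.NewRequest("POST", "https://example.test/", nil)
	claims := map[string]any{"sub": "alice"}
	for _, enforce := range []bool{false, true} {
		ok, err := ShouldValidateDPoP(enforce, r, claims)
		fmt.Printf("enforce=%v validate=%v err=%v\n", enforce, ok, err)
	}
}
```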