Jwttoken update #347
Jwttoken update #347
Conversation
deedee
force-pushed
the
jwttoken_update
branch
from
5ee31b2 to
9c0c914
Compare
deedee
force-pushed
the
jwttoken_update
branch
from
9c0c914 to
bbb31ca
Compare
| JWTToken jwtToken = null; | ||
| try { | ||
| decodedPayload = new JWTVerifier(DirectProperties.CLIENT_SECRET_AUTH0, DirectProperties.CLIENT_ID_AUTH0).verify(jwtCookie.getValue()); | ||
| String[] knownIssuers = new String[]{ "https://" + DirectProperties.DOMAIN_AUTH0 }; |
There was a problem hiding this comment.
@deedee we used a different domain, like topcoder-dev.auth0.com, topcoder-newauth0.auth0.com, can you make it configurable through tokens.properties ?
There was a problem hiding this comment.
New token.properties added: @JWT_VALID_ISSUERS@. Named all issuers here, including issuer for old jwt (comma separate)
| static { | ||
| JWT_OPTIONS = new DirectJWTSigner.Options(); | ||
| JWT_OPTIONS.setAlgorithm(Algorithm.HS256); | ||
| JWT_OPTIONS.setAlgorithm(Algorithm.HMAC256(DirectProperties.CLIENT_SECRET_AUTH0.getBytes())); |
There was a problem hiding this comment.
@deedee why change this? will it backward compatible?
There was a problem hiding this comment.
New version of library is not backward compatible. So we need some adjustments regards on this
| @REG_SERVER_NAME@=tc.cloud.topcoder.com | ||
| @LDAP_AUTH0_CONNECTION_NAME@=vm-ldap-connection | ||
| @member.profile.url.base@=http://tc.cloud.topcoder.com | ||
| @JWT_VALID_ISSUERS@ = https://sma.auth0.com, https://newtc.auth0.com |
There was a problem hiding this comment.
@deedee if you didn't set https://topcoder-newauth.auth0.com, will you pass the test? or it is purposely, you didn't put the correct value?
There was a problem hiding this comment.
It will not pass . You need to list all issuers here
2 participants
No description provided.