Posted to commits@tomee.apache.org by "Jonathan Gallimore (Jira)" <ji...@apache.org> on 2019/11/08 16:15:00 UTC
[jira] [Created] (TOMEE-2730) Support JWT tokens without an exp claim
Jonathan Gallimore created TOMEE-2730:
-----------------------------------------
Summary: Support JWT tokens without an exp claim
Key: TOMEE-2730
URL: https://issues.apache.org/jira/browse/TOMEE-2730
Project: TomEE
Issue Type: Improvement
Affects Versions: 8.0.0-Final
Reporter: Jonathan Gallimore
Assignee: Jonathan Gallimore
Fix For: 8.0.1
At present TomEE will reject JWT tokens where the exp claim is a timestamp that is in the past. We also reject tokens where there is no exp claim at all. I propose adding a setting which will allow tokens without an exp claim to be accepted (see https://tools.ietf.org/html/rfc7519#section-4.1.4). The current behavior (not allowing a token without an exp claim) would be the default, and the option to allow tokens without an exp would need to be explicitly enabled.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
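
The policy proposed in the issue above, sketched as an added example that is not TomEE code and not part of the original message: an opt-in flag relaxes only the missing-exp case, while an expired or malformed exp is rejected regardless of the flag. The class name, the `allowNoExp` flag and the result names are hypothetical, and the claims map is assumed to come from a token whose signature has already been verified.

```java
import java.time.Instant;
import java.util.Map;

// Added example, not TomEE code. All names in this class are hypothetical.
public class ExpClaimPolicy {

    enum Result { ACCEPTED, REJECTED_EXPIRED, REJECTED_MISSING_EXP, REJECTED_MALFORMED_EXP }

    // Hypothetical setting: false reproduces the current default (no exp => reject).
    private final boolean allowNoExp;

    ExpClaimPolicy(boolean allowNoExp) {
        this.allowNoExp = allowNoExp;
    }

    // claims: payload of a token whose signature was already verified (assumption).
    Result check(Map<String, Object> claims, Instant now) {
        Object exp = claims.get("exp");
        if (exp == null) {
            // Only this branch depends on the opt-in setting.
            return allowNoExp ? Result.ACCEPTED : Result.REJECTED_MISSING_EXP;
        }
        if (!(exp instanceof Number)) {
            // exp is present but not a NumericDate: never treat it as "no exp".
            return Result.REJECTED_MALFORMED_EXP;
        }
        long expSeconds = ((Number) exp).longValue();
        // RFC 7519 section 4.1.4: the current time must be before exp.
        return now.getEpochSecond() < expSeconds ? Result.ACCEPTED : Result.REJECTED_EXPIRED;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from any real token.
        Instant now = Instant.ofEpochSecond(1573229700L);
        Map<String, Object> valid = Map.of("sub", "alice", "exp", 1573233300L);
        Map<String, Object> expired = Map.of("sub", "alice", "exp", 1573226100L);
        Map<String, Object> noExp = Map.of("sub", "alice");
        Map<String, Object> badExp = Map.of("sub", "alice", "exp", "never");

        for (boolean allow : new boolean[] {false, true}) {
            ExpClaimPolicy policy = new ExpClaimPolicy(allow);
            System.out.println("allowNoExp=" + allow
                    + " valid=" + policy.check(valid, now)
                    + " expired=" + policy.check(expired, now)
                    + " noExp=" + policy.check(noExp, now)
                    + " badExp=" + policy.check(badExp, now));
        }
    }
}
```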