Posted to commits@tomee.apache.org by "Jonathan Gallimore (Jira)" <ji...@apache.org> on 2019/11/08 16:15:00 UTC

[jira] [Created] (TOMEE-2730) Support JWT tokens without an exp claim

Jonathan Gallimore created TOMEE-2730:
-----------------------------------------

             Summary: Support JWT tokens without an exp claim
                 Key: TOMEE-2730
                 URL: https://issues.apache.org/jira/browse/TOMEE-2730
             Project: TomEE
          Issue Type: Improvement
    Affects Versions: 8.0.0-Final
            Reporter: Jonathan Gallimore
            Assignee: Jonathan Gallimore
             Fix For: 8.0.1


At present TomEE will reject JWT tokens where the exp claim is a timestamp that is in the past. We also reject tokens where there is no exp claim at all. I propose adding a setting which will allow tokens without an exp claim to be accepted (see https://tools.ietf.org/html/rfc7519#section-4.1.4). The current behavior (not allowing a token without an exp claim) would be the default, and the option to allow tokens without an exp would need to be explicitly enabled.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
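
The exp policy described in the issue, as an added Python example (not TomEE code and not part of the original message): expired tokens are always rejected, tokens without exp are rejected by default and accepted only when an opt-in is set. The names allow_no_exp, check_exp, decode_claims and constructed_token are assumptions made for illustration, and signature verification is assumed to happen elsewhere.

```python
import base64
import json
import time

class TokenRejected(Exception):
    """Raised when a token fails the checks below."""

def constructed_token(claims):
    """Build a sample compact token (constructed; the signature segment is a dummy)."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'RS256', 'typ': 'JWT'})}.{seg(claims)}.c2ln"

def decode_claims(token):
    """Return the claims object. Signature verification is assumed to happen elsewhere."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a three-part compact token")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as err:  # bad base64, bad UTF-8 or bad JSON
        raise TokenRejected("payload is not base64url-encoded JSON") from err
    if not isinstance(claims, dict):
        raise TokenRejected("claims set is not a JSON object")
    return claims

def check_exp(claims, now=None, allow_no_exp=False):
    """Return exp (None if absent and allowed); raise TokenRejected otherwise."""
    now = time.time() if now is None else now
    if "exp" not in claims:
        if allow_no_exp:  # hypothetical opt-in, off by default as the issue proposes
            return None
        raise TokenRejected("no exp claim")
    exp = claims["exp"]
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):  # bool is an int subclass
        raise TokenRejected("exp is not a number")
    if not now < exp:  # RFC 7519 4.1.4: now must be before exp; also rejects NaN
        raise TokenRejected("token expired")
    return exp

if __name__ == "__main__":
    NOW = 1573229700  # constructed fixed clock
    no_exp = decode_claims(constructed_token({"sub": "a"}))
    print("opt-in set:", check_exp(no_exp, NOW, allow_no_exp=True))
    try:
        check_exp(no_exp, NOW)
    except TokenRejected as err:
        print("default:", err)
```

The opt-in only changes the outcome for a missing exp; an exp that is present but expired or malformed is rejected in both modes.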