You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Jason Fehr (Jira)" <ji...@apache.org> on 2023/06/21 21:34:00 UTC

[jira] [Updated] (IMPALA-12232) Verify JWT Audience and Issuer Claims

     [ https://issues.apache.org/jira/browse/IMPALA-12232?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Fehr updated IMPALA-12232:
--------------------------------
    Summary: Verify JWT Audience and Issuer Claims  (was: Impala Verifies JWT Audience and Issuer Claims)

> Verify JWT Audience and Issuer Claims
> -------------------------------------
>
>                 Key: IMPALA-12232
>                 URL: https://issues.apache.org/jira/browse/IMPALA-12232
>             Project: IMPALA
>          Issue Type: Improvement
>          Components: be, Security
>            Reporter: Jason Fehr
>            Assignee: Jason Fehr
>            Priority: Major
>              Labels: Impala, JWT, impala, jwt, security
>
> RFC 8725 contains JWT best practices that state the audience ("AUD") and issuer ("ISS") claims from a JWT should be validated if they are present.  Impala currently has no mechanism to validate these claims.
> Implement [ISS claim validation|https://datatracker.ietf.org/doc/html/rfc8725#name-validate-issuer-and-subject] and [AUD claim validation|https://datatracker.ietf.org/doc/html/rfc8725#name-use-and-validate-audience].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org