You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues-all@impala.apache.org by "Jason Fehr (Jira)" <ji...@apache.org> on 2023/06/21 21:28:00 UTC

[jira] [Created] (IMPALA-12232) Impala Verifies JWT Audience and Issuer Claims

Jason Fehr created IMPALA-12232:
-----------------------------------

             Summary: Impala Verifies JWT Audience and Issuer Claims
                 Key: IMPALA-12232
                 URL: https://issues.apache.org/jira/browse/IMPALA-12232
             Project: IMPALA
          Issue Type: Improvement
          Components: be, Security
            Reporter: Jason Fehr
            Assignee: Jason Fehr


RFC 8725 contains JWT best practices that state the audience ("AUD") and issuer ("ISS") claims from a JWT should be validated if they are present.  Impala currently has no mechanism to validate these claims.

Implement [ISS claim validation|https://datatracker.ietf.org/doc/html/rfc8725#name-validate-issuer-and-subject] and [AUD claim validation|https://datatracker.ietf.org/doc/html/rfc8725#name-use-and-validate-audience].



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscribe@impala.apache.org
For additional commands, e-mail: issues-all-help@impala.apache.org