  1. Xporter for Jira Cloud
  2. XPORTERCLOUD-1707

Bypass Connect app qsh verification via context JWTs

Details

    • XPORTERCLOUD 2021 Sprint 4, XPORTERCLOUD 2021 Sprint 5
    • OK

    Description

      The addon.authenticate() middleware skips qsh claim validation when the claim isn't sent. This means that a JWT without a qsh claim (a JWT generated using the AP context) is valid for requests to services that use the addon.authenticate() middleware.

      Please check the attachment for more information about the fix.
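
The flaw described above, next to a check that rejects a missing claim, as an added example: this is a simplified model written for this page, not the atlassian-connect-express or Xporter code. The function names, the `/api/export` path and the sample values are assumptions, the canonical request form is simplified, and `exp`/`iss` checks are left out to keep the qsh logic visible.

```javascript
// Added example: simplified model of a Connect-style JWT check (hypothetical names).
const crypto = require('node:crypto');

// Constructed sample values (not real secrets or endpoints).
const SECRET = 'constructed-shared-secret';
const REQ = { method: 'POST', path: '/api/export', query: { issueKey: 'DEMO-1' } };

const b64url = (data) => Buffer.from(data).toString('base64url');

// Sign an HS256 JWT with the shared secret (helper for building test tokens).
function signJwt(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify the HMAC signature; return the claims, or null if it does not match.
function verifyJwt(token, secret) {
  const [head, body, sig] = token.split('.');
  if (!head || !body || !sig) return null;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  return JSON.parse(Buffer.from(body, 'base64url').toString());
}

// Query string hash: SHA-256 over "METHOD&path&sorted-query" (simplified canonical form).
function computeQsh(method, path, query) {
  const canonicalQuery = Object.keys(query).sort()
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(query[k])}`).join('&');
  return crypto.createHash('sha256')
    .update(`${method.toUpperCase()}&${path}&${canonicalQuery}`).digest('hex');
}

// Flawed: the qsh comparison only runs when the claim is present.
function authenticateLenient(token, secret, req) {
  const claims = verifyJwt(token, secret);
  if (!claims) return false;
  if (claims.qsh && claims.qsh !== computeQsh(req.method, req.path, req.query)) return false;
  return true;
}

// Hardened: a missing qsh claim is treated the same as a wrong one.
function authenticateStrict(token, secret, req) {
  const claims = verifyJwt(token, secret);
  if (!claims || typeof claims.qsh !== 'string') return false;
  return claims.qsh === computeQsh(req.method, req.path, req.query);
}
```

A regression test for the fix should include a correctly signed token with no qsh claim and assert that the protected route rejects it.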

            People

              afpc Andreia Costa [X] (Inactive)
              prpa Paulo Alves

                Time Tracking

                  Estimated: Not Specified
                  Remaining: 0m
                  Logged: 7h 30m