Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Done
-
1.21.5
-
XPORTERCLOUD 2021 Sprint 8
-
Description
The addon.authenticate() middleware is skipping the qsh claim validation when the claim isn't sent. This means that the jwt without qsh claim (jwt generated using AP context) is valid to perform requests to services that are using the addon.authenticate() middleware.
Please, check the attachment for more information about the fix.
Attachments
Issue Links
- clones
-
XPORTERCLOUD-1707 Bypass Connect app qsh verification via context JWTs
- Closed